Should I use Storable or FreezeThaw to serialize Perl data as a cookie value?
I would like to store some data in a cookie, and my original package had to package it myself, but then I remembered that there is a module for everything.
I looked at Storable
and FreezeThaw
. Both seem to fit, although the latter mentions the string specifically and seems to serialize to a string without newlines, whereas Storable creates a string containing newlines.
Which module is best for my application, or is there something even more appropriate?
source to share
If storing data in a cookie is really what you want to do and sessions are not good, I would go with Storable
plus MIME::Base64
to make cookies safe. Possibly added Digest::HMAC
to protect against unauthorized access and / or Crypt::Rijndael
to make the data completely opaque to the user, if necessary.
source to share
It is generally not recommended to store large chunks of data in client cookies, both for security and compatibility reasons. Instead, I would recommend using something like CGI :: Session , which will give you automatic session cookies and you can store the data in a table or file server side. Then it doesn't matter which serialization method you use.
source to share
Both Storable and FreezeThaw can produce non-printable or other problematic characters as well as newlines. But most of the modules that will generate and parse the cookie headers for you will automatically encode any characters that need it, so you don't have to worry about that.
But I would recommend storing more complex server-side data servers.
source to share
I ended up using Storable and encrypted the result before putting it into the cookie:
use CGI::Cookie;
use Storable qw(freeze);
use Crypt::CBC;
my $data = {
'ID' => 7,
'foo' => 'bar',
};
my $cipher = Crypt::CBC->new(
-cipher => 'Rijndael',
-header => 'none',
-key => $key,
-iv => $iv,
);
my $enc = $cipher->encrypt_hex(freeze($data));
my $cookie = CGI::Cookie->new(
-name => 'oatmeal',
-value => $enc,
);
source to share