[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [help-cgicc] session how to, please explain
From: |
Anthony Bouvier |
Subject: |
Re: [help-cgicc] session how to, please explain |
Date: |
Wed, 13 Apr 2005 20:46:48 -0400 |
On Apr 13, 2005, at 7:34 PM, Vlad D. Markov wrote:
On Wed, 13 Apr 2005 12:54:06 -0400
Anthony Bouvier <address@hidden> wrote:
<snip>
I sent an example to the original questioner (and accidentally did
that
from an account not on the mailing list so my post didn't get to the
list .. at least until a mod lets it through). It gives him a rough
outline of how to handle sessions in conjunction with Cgicc. And its
not difficult at all.
It would be nice if you would share this simple method with the
mailing list. I would much rather use cgicc with some sort of session
mechanism than run something more demanding of computer resources like
java or ruby.
Well, -I- think its simple. ;)
Here is what I sent:
<SNIP>
On Apr 12, 2005, at 7:31 PM, Vlad D. Markov wrote:
There are other ways to track users but they are harder to implement
in my opinion. Since its school, usually the hidden field mechanism
gets a decent enough grade.
But -if- you want to get fancy, a nice way to do it is to use an RDBMS
to track session data. Just like Vlad mentions, session tracking is
certainly outside of the scope of Cgicc, but what many application
systems do is generate a unique key per visitor (say like a 32bit MD5
hash) that ties a user's experience to session data stored in a
database (lookup on the unique key, verify their data). You can pass
this key page to page in a cookie, or via a URL variable (in essence to
be parsed by Cgicc and handed to lookup methods). Such a URL would
look like:
http://www.yoursite.com/yourprogram.cgi?
session=bc591241c8c662e758b2b12c0f549f02
So, with Cgicc, you get the value passed by the URL variable 'session',
then hand that off to a method to lookup their data in the DB. If the
key is not in the DB, then their session does not exist and you send
them to the login page.
Short:
1) User Logs In
1a) Session Id is generated and saved in the DB with any other data
(say session preferences or something)
1b) Write the session id to a cookie, or keep passing it along in a
URL variable (like above)
2) Each page, get the session id passed (in 1b)
2a) Send the session id to a method to look it up in a DB
2b) If there, let them continue, if not there, send them to login"
</SNIP>
--
anthony bouvier
press ganger
http://privateerpress.com