Re: [help-cgicc] session how to, please explain

[Anthony Bouvier]

On Apr 12, 2005, at 7:31 PM, Vlad D. Markov wrote:
> There are other ways to track users but they are harder to implement  
> in my opinion. Since its school, usually the hidden field mechanism  
> gets a decent enough grade.

But -if- you want to get fancy, a nice way to do it is to use an RDBMS  
to track session data.  Just like Vlad mentions, session tracking is  
certainly outside of the scope of Cgicc, but what many application  
systems do is generate a unique key per visitor (say like a 32bit MD5  
hash) that ties a user's experience to session data stored in a  
database (lookup on the unique key, verify their data).  You can pass  
this key page to page in a cookie, or via a URL variable (in essence to  
be parsed by Cgicc and handed to lookup methods).  Such a URL would  
look like:

http://www.yoursite.com/yourprogram.cgi? 
session=bc591241c8c662e758b2b12c0f549f02

So, with Cgicc, you get the value passed by the URL variable 'session',  
then hand that off to a method to lookup their data in the DB.  If the  
key is not in the DB, then their session does not exist and you send  
them to the login page.

Short:

1)   User Logs In
1a)  Session Id is generated and saved in the DB with any other data  
(say session preferences or something)
1b)  Write the session id to a cookie, or keep passing it along in a  
URL variable (like above)

2)  Each page, get the session id passed (in 1b)
2a)  Send the session id to a method to look it up in a DB
2b)  If there, let them continue, if not there, send them to login

--
anthony bouvier
press ganger
http://privateerpress.com