[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [help-cgicc] session how to, please explain

From: Anthony Bouvier
Subject: Re: [help-cgicc] session how to, please explain
Date: Tue, 12 Apr 2005 20:27:25 -0400

On Apr 12, 2005, at 7:31 PM, Vlad D. Markov wrote:

There are other ways to track users but they are harder to implement in my opinion. Since its school, usually the hidden field mechanism gets a decent enough grade.

But -if- you want to get fancy, a nice way to do it is to use an RDBMS to track session data. Just like Vlad mentions, session tracking is certainly outside of the scope of Cgicc, but what many application systems do is generate a unique key per visitor (say like a 32bit MD5 hash) that ties a user's experience to session data stored in a database (lookup on the unique key, verify their data). You can pass this key page to page in a cookie, or via a URL variable (in essence to be parsed by Cgicc and handed to lookup methods). Such a URL would look like: session=bc591241c8c662e758b2b12c0f549f02

So, with Cgicc, you get the value passed by the URL variable 'session', then hand that off to a method to lookup their data in the DB. If the key is not in the DB, then their session does not exist and you send them to the login page.


1)   User Logs In
1a) Session Id is generated and saved in the DB with any other data (say session preferences or something) 1b) Write the session id to a cookie, or keep passing it along in a URL variable (like above)

2)  Each page, get the session id passed (in 1b)
2a)  Send the session id to a method to look it up in a DB
2b)  If there, let them continue, if not there, send them to login

anthony bouvier
press ganger

reply via email to

[Prev in Thread] Current Thread [Next in Thread]