To cookie or not to cookie

They have: 46 posts

Joined: May 2002

Hi,

I need to create a secure site, where members log in, and, depending on what they want to do when they get there, access a variety of .cgi scripts.

Eventually I'll get a digital certificate and the whole site will be SSL/https - but I'm not worried about that yet.

I need to decide how to authenticate users and keep track of them once they are there. Each .cgi script will output different information on the screen based on user privileges.

I haven't dabbled in cookies yet - will I need to use them for this purpose?

Anything else I should consider?

The only other thing I thought of is to make sure I only "post" data from one script to another (i.e. always submitting a form to access the next script - not clicking on a link) - that way the (encrypted) username would always get passed from one script to the next as a hidden form element.

Your thoughts? Thanks.

Suzanne's picture

She has: 5,507 posts

Joined: Feb 2000

Sessions is the other option.

Mark Hensler's picture

He has: 4,048 posts

Joined: Aug 2000

You could make your own fake sessions. I don't know what language you'll be using, so I'll pseudocode it...

check user's machine for _cookie_
if ( _cookie_ ) {

    // expire sessions that have been idle for more than 15 minutes
    sql: delete from session_table where last_active < 15_minutes_ago
    // look up the session named by the cookie
    sql: select * from session_table where session_id=_cookie_

    if ( _recordset_ ) {

        obtain _authentication_ for user

    }

}

if ( no _authentication_ ) {

    prompt for login
    sql: insert into session_table

}

Mark Hensler
If there is no answer on Google, then there is no question.

They have: 46 posts

Joined: May 2002

Perl, Red Hat Linux server, no database other than reading/writing to flat text files
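The cookie-plus-server-side-session check from the pseudocode above, using a flat file instead of a database table, as an added example that is not part of any post in this thread. It is written in Python rather than Perl; the JSON file layout, the cookie name `sid`, storing only a hash of the session ID, and all function names are assumptions.

```python
import fcntl, hashlib, json, os, secrets, time

IDLE_LIMIT = 15 * 60  # seconds; the 15-minute idle window from the pseudocode

def _key(token):
    # Store only a hash, so a leaked session file does not reveal usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def _update(path, fn, now):
    """Lock the flat file, drop idle sessions, apply fn, write the table back."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    with os.fdopen(fd, "r+") as f:
        fcntl.flock(f, fcntl.LOCK_EX)   # CGI processes run concurrently
        raw = f.read()
        table = json.loads(raw) if raw else {}
        table = {k: v for k, v in table.items()
                 if v["last_active"] >= now - IDLE_LIMIT}
        result = fn(table)
        f.seek(0)
        f.truncate()
        json.dump(table, f)
        return result

def create_session(path, user, now=None):
    """Call only after the login form's password check has succeeded."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # random; never derived from the username
    def insert(table):
        table[_key(token)] = {"user": user, "last_active": now}
    _update(path, insert, now)
    return token

def lookup_session(path, token, now=None):
    """Return the username for a live session cookie, else None."""
    now = time.time() if now is None else now
    def touch(table):
        row = table.get(_key(token or ""))
        if row is None:
            return None
        row["last_active"] = now        # sliding idle timeout
        return row["user"]
    return _update(path, touch, now)

def set_cookie_header(token):
    # Add "; Secure" once the site is served over HTTPS.
    return f"Set-Cookie: sid={token}; Path=/; HttpOnly; SameSite=Lax"
```

Each script calls `lookup_session` with the cookie value and decides what to display from the username it returns, so privileges are looked up on the server and never trusted from the browser.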

They have: 46 posts

Joined: May 2002

I just came across an O'Reilly book titled: "Writing Apache Modules with Perl and C" which seems to explain the pros and cons of hidden form elements vs. cookies vs. server-side-persistence methods (sessions). Looks like I may be implementing my first real database after all!

http://www.oreilly.com/catalog/wrapmod/
