[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: FAQ: Frequently Asked Questions about CGI Programming
Previous Document: 3.11 Can I do HTTP authentication using CGI?
Next Document: 3.13 Can I redirect users to another page?
-
Search the FAQ Archives
Single Page
Top Document: FAQ: Frequently Asked Questions about CGI Programming
Previous Document: 3.11 Can I do HTTP authentication using CGI?
Next Document: 3.13 Can I redirect users to another page?
3.12 Can I identify users/sessions without password protection?
The most usual (but browser-dependent) way to do this is to set a cookie. If you do this, you are accepting that not all users will have a 'session'. An alternative is to pass a session ID in every GET URL, and in hidden fields of POST requests. This can be a big overhead unless _every_ page requires CGI in any case. Another alternative is the Hyper-G[1] solution of encoding a session-id in the URLs of pages returned: http://hyper-g.server/session_id/real/path/to/page This has the drawback of making the URLs very confusing, and causes any bookmarked pages to generate old session_ids. Note that a session ID based solely on REMOTE_HOST (or REMOTE_ADDR) will NOT work, as multiple users may access your pages concurrently from the same machine. [1] Actually I don't think that's been true of Hyper-G since sometime in '96. However, general advances in web server technology, such as Apache's mod_alias or mod_rewrite, make it straightforward without the need for CGI.
Top Document: FAQ: Frequently Asked Questions about CGI Programming
Previous Document: 3.11 Can I do HTTP authentication using CGI?
Next Document: 3.13 Can I redirect users to another page?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Nick Kew <nick@webthing.com>
Last Update December 05 2008 @ 00:13 AM