Hi,
I need to create a secure site, where members log in, and, depending on what they want to do when they get there, access a variety of .cgi scripts.
Eventually I'll get a digital certificate and the whole site will be SSL/https - but I'm not worried about that yet.
I need to decide how to authenticate users and keep track of them once they are there. Each .cgi script will output different information on the screen based on user privileges.
I haven't dabbled in cookies yet - will I need to use them for this purpose?
Anything else I should consider?
The only other thing I thought of is to make sure I only "post" data from one script to another (i.e. always submitting a form to access the next script - not clicking on a link) - that way the (encrypted) username would always get passed from one script to the next as a hidden form element.
Your thoughts? Thanks.

Suzanne posted this at 17:17 — 21st January 2003.
She has: 5,512 posts
Joined: Feb 2000
Sessions is the other option.
Mark Hensler posted this at 17:28 — 21st January 2003.
He has: 4,044 posts
Joined: Aug 2000
You could make your own fake sessions. I don't know what language you'll be using, so I'll pseudocode it...
    check user's machine for _cookie_
    if ( _cookie_ ) {
        sql: delete from session_table where last_active>15_minutes_ago
        sql: select * from session_table where session_id=_cookie_
        if ( _recordset_ ) {
            obtain _authentication_ for user
        }
    }
    if ( no _authentication_ ) {
        prompt for login
        sql: insert into session_table
    }
Mark Hensler ["Max Albert"] [Email]
If there is no answer on Google, then there is no question.
critical posted this at 17:42 — 21st January 2003.
They have: 46 posts
Joined: May 2002
Perl, Red Hat Linux server, no database other than reading/writing to flat text files
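An added example, not part of the thread or any poster's code: the session pseudocode above done in Perl against a flat text file, with the cookie carrying only a random ID and the username kept on the server. The file layout (tab-separated ID, user, last-seen time), the helper names, the temporary demo path and the use of /dev/urandom are assumptions made for this sketch.

```perl
use strict; use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempdir);
# Demo location (assumption); on a real server use a fixed path outside the web root.
my $STORE   = tempdir(CLEANUP => 1) . '/sessions.txt';
my $TIMEOUT = 15 * 60;    # idle timeout in seconds

# Load sessions under an exclusive lock, drop idle ones, run $code, write back.
sub with_sessions {
    my ($code) = @_;
    sysopen(my $fh, $STORE, O_RDWR | O_CREAT, 0600) or die "open $STORE: $!";
    flock($fh, LOCK_EX) or die "flock: $!";
    my ($now, %s) = (time);
    while (my $line = <$fh>) {
        chomp $line;
        my ($sid, $user, $seen) = split /\t/, $line;
        $s{$sid} = { user => $user, seen => $seen } if $now - $seen <= $TIMEOUT;
    }
    my $result = $code->(\%s, $now);
    seek($fh, 0, 0) and truncate($fh, 0) or die "rewrite $STORE: $!";
    print {$fh} join("\t", $_, $s{$_}{user}, $s{$_}{seen}), "\n" for keys %s;
    close($fh) or die "close: $!";
    return $result;
}

# Call only after the password check has succeeded; returns the cookie value.
sub create_session {
    my ($user) = @_;
    die "bad username" unless $user =~ /\A[A-Za-z0-9_]{1,32}\z/;   # no tabs/newlines
    open(my $r, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($r, my $buf, 16) == 16 or die "short read from urandom";
    my $sid = unpack('H*', $buf);    # 128-bit random ID, 32 hex characters
    with_sessions(sub { $_[0]{$sid} = { user => $user, seen => $_[1] } });
    return $sid;
}

# Map a cookie value to a username; undef means "prompt for login".
sub lookup_session {
    my ($sid) = @_;
    return undef unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    return with_sessions(sub {
        my $rec = $_[0]{$sid} or return undef;
        $rec->{seen} = $_[1];    # refresh the idle timer
        return $rec->{user};
    });
}

my $cookie = create_session('alice');    # constructed sample user
printf "valid=%s unknown=%s\n", lookup_session($cookie), lookup_session('0' x 32) // 'login required';
```

Each .cgi script would call `lookup_session` on the cookie value and look up privileges from the returned username. Once the site is on https, the cookie should also be sent with the `Secure` attribute.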
critical posted this at 18:35 — 21st January 2003.
They have: 46 posts
Joined: May 2002
I just came across an O'Reilly book titled: "Writing Apache Modules with Perl and C" which seems to explain the pros and cons of hidden form elements vs. cookies vs. server-side-persistence methods (sessions). Looks like I may be implementing my first real database after all!
http://www.oreilly.com/catalog/wrapmod/