Re: Best way to handle cgi sessions

Discussion in 'Python' started by Christoph Haas, Oct 14, 2005.

  1. On Friday 14 October 2005 21:22, Derek Perriero wrote:
    > What would be the best way to create a cgi session that contains the
    > basic elements of a cookie and can also hold secure data, such as a
    > username/password. I've explored the possibilities of using SmartCookie,
    > but that doesn't encrypt my parameters.


    Encrypting the parameters is probably not the best way. Usually you store
    the information you need in your own database and just pass the client
    (web browser/user) a handle (session ID). That way you temporarily identify
    the user through the session ID but can store data in your database that
    the
    user cannot even see.

    There are a few things you need to take care of like:
    - only pass a new session cookie if necessary
    (otherwise the user may be prompted to accept the same cookie time and
    again)
    - expire the session if the user hasn't been using it
    - check if the session ID fits the IP address you recorded
    - create unique session IDs

    A link from my list of bookmarks about session handling:
    http://starship.python.net/~davem/cgifaq/faqw.cgi?req=show&file=faq02.011.htp

    We have recently developed such a session handler for a Debian-related web
    site which uses a MySQL table to store session information. If there is
    interest I'll tidy it up a bit and make it publicly available.

    Cheers
    Christoph
    --
    ~
    ~
    ".signature" [Modified] 1 line --100%-- 1,48 All
     
    Christoph Haas, Oct 14, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ravikanth[MVP]
    Replies:
    6
    Views:
    3,927
    Aemca
    Jul 18, 2003
  2. Ken Cox [Microsoft MVP]

    Re: Relationship between IIS Sessions and ASP.NET Sessions?

    Ken Cox [Microsoft MVP], Aug 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    5,418
    Luther Miller
    Aug 8, 2003
  3. Thomas Scheiderich

    Best way to handle documents in ASP.NET

    Thomas Scheiderich, May 20, 2004, in forum: ASP .Net
    Replies:
    11
    Views:
    2,499
    Jim Corey
    May 20, 2004
  4. scottymo
    Replies:
    3
    Views:
    765
    Dominick Baier
    Sep 30, 2006
  5. Bookham Measures

    Moving from ASP Sessions to Database Sessions

    Bookham Measures, Jul 23, 2007, in forum: ASP General
    Replies:
    19
    Views:
    600
    Bookham Measures
    Aug 23, 2007
Loading...

Share This Page