Store session variables in a form

Discussion in 'HTML' started by Fernie, Nov 20, 2004.

  1. Fernie

    Fernie Guest

    I know that session data can be stored in fat urls and cookies but I am
    wondering if it possible to store session data within a form. If so, what
    are they called and can someone show me an example of how the html syntax
    looks?

    Thanks very much,

    Fernie



    --

    ELKNews FREE Edition - Empower your News Reader! http://www.atozedsoftware.com
     
    Fernie, Nov 20, 2004
    #1
    1. Advertising

  2. Fernie

    RobM Guest

    "Fernie" <Fernie@not_thisDocSignings.net> wrote in message
    news:4834F7CCDCB4E240Fernie@not_thisDocSignings.net...
    > I know that session data can be stored in fat urls and cookies but I am
    > wondering if it possible to store session data within a form. If so, what
    > are they called and can someone show me an example of how the html syntax
    > looks?
    >
    > Thanks very much,
    >
    > Fernie
    >


    Hi - to store data in a form for later retrieval when it is submitted back
    (is that what you mean by session variables - as opposed to JSP/ASP server
    session variable storage?) - you populate hidden input fields.

    <input type="hidden" name="fieldname" value="some_value">

    Obviously within your <form>...</form> tags.

    This also makes your page and its transmission bigger, a tradeoff with
    keeping session variables on the server (whatever server language you're
    using).

    Cheers
    RobM
     
    RobM, Nov 20, 2004
    #2
    1. Advertising

  3. Fernie

    Fernie Guest

    Hi Rob,

    Thank you very much for your response, that was exactly what I was looking
    for!

    Best Regards,

    Fernie




    "RobM" <> wrote in message
    news:S2Fnd.42678$...
    >
    > "Fernie" <Fernie@not_thisDocSignings.net> wrote in message
    > news:4834F7CCDCB4E240Fernie@not_thisDocSignings.net...
    >> I know that session data can be stored in fat urls and cookies but I am
    >> wondering if it possible to store session data within a form. If so,
    >> what
    >> are they called and can someone show me an example of how the html syntax
    >> looks?
    >>
    >> Thanks very much,
    >>
    >> Fernie
    >>

    >
    > Hi - to store data in a form for later retrieval when it is submitted
    > back
    > (is that what you mean by session variables - as opposed to JSP/ASP server
    > session variable storage?) - you populate hidden input fields.
    >
    > <input type="hidden" name="fieldname" value="some_value">
    >
    > Obviously within your <form>...</form> tags.
    >
    > This also makes your page and its transmission bigger, a tradeoff with
    > keeping session variables on the server (whatever server language you're
    > using).
    >
    > Cheers
    > RobM
    >
    >




    --

    ELKNews FREE Edition - Empower your News Reader! http://www.atozedsoftware.com
     
    Fernie, Nov 20, 2004
    #3
  4. Fernie

    Fernie Guest

    Hi Rob,

    Now I'm able to store all session information on the html page without
    cookies. Thank you.

    Anyway, I was thinking about your reply to me and I'm curious about
    something. I don't do much internet development and I don't use anything
    fancy like JSP or ASP server (I've been playing around with CGIs).

    How do these server platforms identify each anonymous web client? Is it
    through some random identifier that is stored on the client? If so, is it a
    cookie, a hidden form, a fat url, or any combination? I can see problems
    with methods, such as IPs and cookies. I'd guess hidden fields is how an
    identifier is stored. Am I way off base?

    Thanks again,

    Fernie


    "RobM" <> wrote in message
    news:S2Fnd.42678$...
    > Hi - to store data in a form for later retrieval when it is submitted
    > back
    > (is that what you mean by session variables - as opposed to JSP/ASP server
    > session variable storage?) - you populate hidden input fields.
    >
    > <input type="hidden" name="fieldname" value="some_value">
    >
    > Obviously within your <form>...</form> tags.
    >
    > This also makes your page and its transmission bigger, a tradeoff with
    > keeping session variables on the server (whatever server language you're
    > using).
    >
    > Cheers
    > RobM
    >
    >




    --

    ELKNews FREE Edition - Empower your News Reader! http://www.atozedsoftware.com
     
    Fernie, Nov 20, 2004
    #4
  5. Fernie

    RobM Guest

    > "RobM" <> wrote in message
    > news:S2Fnd.42678$...
    > > Hi - to store data in a form for later retrieval when it is submitted
    > > back
    > > (is that what you mean by session variables - as opposed to JSP/ASP

    server
    > > session variable storage?) - you populate hidden input fields.
    > >
    > > <input type="hidden" name="fieldname" value="some_value">


    "Fernie" <Fernie@not_thisDocSignings.net> wrote in message
    news:457AB3D2F1B4E240Fernie@not_thisDocSignings.net...
    > Hi Rob,
    >
    > Now I'm able to store all session information on the html page without
    > cookies. Thank you.
    >
    > Anyway, I was thinking about your reply to me and I'm curious about
    > something. I don't do much internet development and I don't use anything
    > fancy like JSP or ASP server (I've been playing around with CGIs).
    >
    > How do these server platforms identify each anonymous web client? Is it
    > through some random identifier that is stored on the client? If so, is it

    a
    > cookie, a hidden form, a fat url, or any combination? I can see problems
    > with methods, such as IPs and cookies. I'd guess hidden fields is how an
    > identifier is stored. Am I way off base?
    >
    > Thanks again,
    >
    > Fernie


    Hi

    I have used a CGI (and am currently converting it) and I bet most people
    have never used this one - "powerbuilder" !. It doesnt have inbuilt session
    store areas (to keep state) so I save name & values to a database. I put the
    key to that table - 1 per new login - (e.g. "session_id") in a hidden field,
    as above, on every form page. So, that's a combination as you mention.

    Now for the "jsp/asp" mentioned above. I'll mention JSP coz its all I've
    used apart from the CGI above. It uses 'URL encoding' - and works like this:
    IF the browser can accept cookies, it stores a java session variable in a
    cookie and looks after returning and identifying the returning user/session
    internally (all done for you). IF again the browser doesnt accept cookies,
    then it adds the session id to the URL and again automatically handles it
    for you. To ensure this, you do:

    <form ... action="<%=response.encodeURL("nextPage")%>" ...> for a form
    and...

    <a ... href="<%=response.encodeURL("nextPage")%>" ..> for a link/anchor.

    I think ASP is probably quite similar, from the commands I've seen.

    So you're not off base, and if the CGI you're using doesnt have inbuilt
    session objects and such methods, and you dont want to store _most_ user's
    session data in a database (only having a hidden field for a key) then yes
    you're on the right track.

    Back to me brekky...
    Cheers
    RobM
    Melbourne
     
    RobM, Nov 20, 2004
    #5
  6. Fernie

    Andy Dingley Guest

    On Sat, 20 Nov 2004 20:22:18 GMT, "Fernie"
    <Fernie@not_thisDocSignings.net> wrote:

    >I don't do much internet development and I don't use anything
    >fancy like JSP or ASP server (I've been playing around with CGIs).


    Fancy ? As a developer, they're a lot less troublesome than CGI. CGI
    is minimal, crude and I haven't used it in years. If I am writing Perl
    for web back ends, mod_perl is almost always a better idea than CGI.
    (I know that CGI doesn't imply formally Perl, but empirically this is
    usually true)


    >How do these server platforms identify each anonymous web client?


    As a web developer, you shouldn't need to worry about this. It's very
    much something that should be done for you by your middleware. It's a
    _hard_ problem - like order processing and credit card handling, most
    web developers just aren't competent to do it well and they should be
    protected from it.

    As you rightly phrase it, web clients are anonymous. HTTP is an
    anonymous and non-stateful protocol. Tracking sessions isn't an easy
    thing to bolt onto this. Around '97 - '99, just how to track sessions
    was an issue of some debate. it wasn't clear just how to do it best,
    and developers often needed to do it themselves. There was even some
    muttering that it was all HTTP's fault and that it should be
    re-engineered to support it.

    Some methods are obvious (IP tracking), but unreliable (proxies).
    Others, like embedding IDs into URLs, are robust but prone to
    spoofing. Cookies are good, but might be disabled. Generally you
    should rely on your middleware to worry about this for you - setting a
    cookie if it can, munging the URL if it can't. Use that Session
    object you're given and don't worry too much about the details. If you
    don't have one, change platform until you do.




    --
    Smert' spamionam
     
    Andy Dingley, Nov 21, 2004
    #6
  7. Fernie

    Fernie Guest

    Andy and Rob,

    I'd like to thank both of you for your very interesting and informative
    replies. I have a decent handle on sesssion tracking now, I've gone with
    the hidden field method and it seems to be working just fine.

    One thing that I'll add is in regards to multiple client requests. In my
    particular case, the cgi executable handles a single client request at a
    time. Therefore, if a multiple clients make simultaneous requests, you end
    up with multiple (short lived) processes. Ideally, I should design the
    executable as a isapi extension but now you end up having to manage sessions
    AND threads, making things more complex for the developer.

    Now I see why it is a good reason to choose a robust middleware system. I'm
    personally familiar with C++ and that is what I've made my cgi with.
    Because of the syntax, would Perl be my best bet? I'd hate to learn new
    syntax like PHP, etc. Does Perl provide the session and thread management
    features?

    Best regards,

    Fernie


    "Andy Dingley" <> wrote in message
    news:...
    > On Sat, 20 Nov 2004 20:22:18 GMT, "Fernie"
    > <Fernie@not_thisDocSignings.net> wrote:
    >
    >>I don't do much internet development and I don't use anything
    >>fancy like JSP or ASP server (I've been playing around with CGIs).

    >
    > Fancy ? As a developer, they're a lot less troublesome than CGI. CGI
    > is minimal, crude and I haven't used it in years. If I am writing Perl
    > for web back ends, mod_perl is almost always a better idea than CGI.
    > (I know that CGI doesn't imply formally Perl, but empirically this is
    > usually true)
    >
    >
    >>How do these server platforms identify each anonymous web client?

    >
    > As a web developer, you shouldn't need to worry about this. It's very
    > much something that should be done for you by your middleware. It's a
    > _hard_ problem - like order processing and credit card handling, most
    > web developers just aren't competent to do it well and they should be
    > protected from it.
    >
    > As you rightly phrase it, web clients are anonymous. HTTP is an
    > anonymous and non-stateful protocol. Tracking sessions isn't an easy
    > thing to bolt onto this. Around '97 - '99, just how to track sessions
    > was an issue of some debate. it wasn't clear just how to do it best,
    > and developers often needed to do it themselves. There was even some
    > muttering that it was all HTTP's fault and that it should be
    > re-engineered to support it.
    >
    > Some methods are obvious (IP tracking), but unreliable (proxies).
    > Others, like embedding IDs into URLs, are robust but prone to
    > spoofing. Cookies are good, but might be disabled. Generally you
    > should rely on your middleware to worry about this for you - setting a
    > cookie if it can, munging the URL if it can't. Use that Session
    > object you're given and don't worry too much about the details. If you
    > don't have one, change platform until you do.
    >
    >
    >
    >
    > --
    > Smert' spamionam




    --

    ELKNews FREE Edition - Empower your News Reader! http://www.atozedsoftware.com
     
    Fernie, Nov 23, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?UnVkeQ==?=

    to store or not to store an image

    =?Utf-8?B?UnVkeQ==?=, Mar 29, 2005, in forum: ASP .Net
    Replies:
    6
    Views:
    645
    =?Utf-8?B?UnVkeQ==?=
    Mar 30, 2005
  2. Replies:
    1
    Views:
    938
  3. Replies:
    9
    Views:
    961
  4. Replies:
    2
    Views:
    180
  5. Zach Dennis
    Replies:
    2
    Views:
    151
    Joel VanderWerf
    Jan 8, 2004
Loading...

Share This Page