access and session control

Dan Aronson (dan@wais.com)
Wed, 14 Sep 94 20:55:17 PDT


Hi,
I've been designing and am about to implement some session control and
access restrictions for some documents served, searched and retrieved via
a web server. This is meant as a stop gap thing until the world has
some for of secure http clients/servers. The basic design is that
all acesses will go through a CGI program. This program will modify any
URL's in documents to ensure the triggering the URL while redirect it's
action via the CGI program. The program will also add some a session key
to the URL. For example, if a document contained the following:

<A HREF=http://foo.bar/baz.html> (where my server is running on foo.bar)

this might be rewritten as:

<A HREF=http://foo.bar/cgi-bin/access?file=baz.html+session_key=SK>

(where SK is the session key which gets passed around)

The web server while keep state associated with the session key.

I assume that similar things have been done. Does anyone have any pointers?

--Dan Aronson dan@wais.com
WAIS Inc