we're required to have *some* form of access control to our httpd server. we
require a username/password combination to "login" to our application. once
login has been authorized, we generate a unique session key to identify this
user in the system until the user either logs out or times out. the session
key is passed between the forms as a hidden field. our cgi program embeds
the session key in the next form served. this way we maintain whatever state
information that we need in our application (which is a server that the cgi
calls). the application maintains a "user thread" that contains lots of stuff,
and is keyed off the session key.
this access control is by no means bulletproof, but all we need at this time.
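The mechanism the post describes (login check, a per-user session key handed back in a hidden form field, lookup of the per-user state on each request, invalidation on logout or idle timeout) as an added, self-contained example; this is not the poster's code or their cgi program. The user table, the 15-minute idle timeout, the field name `session` and the `handle_request` dispatcher are all assumptions made here for illustration. The key is drawn from a CSPRNG and escaped before being echoed into the form, which is the part of this design that has to be right if the hidden field is what identifies the user.

```python
import hashlib
import hmac
import html
import secrets
import time

SESSION_TTL = 15 * 60  # idle timeout in seconds; assumed value, the post gives none


def make_credential(password, salt=None):
    """Derive a salted PBKDF2 hash for storage; the password itself is never kept."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


# Constructed sample user table; stands in for whatever the real application checks.
USERS = {"alice": make_credential("correct horse battery staple")}


def check_credentials(username, password):
    record = USERS.get(username)
    if record is None:
        # Do the same work for an unknown user so the response time does not reveal
        # which usernames exist.
        make_credential(password, b"\x00" * 16)
        return False
    salt, expected = record
    _, actual = make_credential(password, salt)
    return hmac.compare_digest(actual, expected)


class SessionStore:
    """In-memory table keyed by session key; plays the role of the application
    server's per-user 'thread' from the post. 'clock' is injectable for testing."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self._sessions = {}  # session_key -> {"user", "last_seen", "state"}

    def login(self, username, password):
        if not check_credentials(username, password):
            return None
        # 32 random bytes from the OS CSPRNG: unguessable, unlike a counter or a
        # timestamp-derived key.
        key = secrets.token_urlsafe(32)
        self._sessions[key] = {"user": username, "last_seen": self.clock(), "state": {}}
        return key

    def lookup(self, session_key):
        entry = self._sessions.get(session_key)
        if entry is None:
            return None
        if self.clock() - entry["last_seen"] > self.ttl:
            del self._sessions[session_key]  # idle timeout: drop the state server-side
            return None
        entry["last_seen"] = self.clock()
        return entry

    def logout(self, session_key):
        return self._sessions.pop(session_key, None) is not None


def render_form(session_key):
    """The hidden field the next served form carries; escaped so the key can never
    break out of the attribute even if key generation is changed later."""
    return '<input type="hidden" name="session" value="%s">' % html.escape(session_key)


def handle_request(store, form):
    """Minimal CGI-style dispatcher; 'form' is the dict of submitted fields.
    Returns (page_name, hidden_field_html_or_None)."""
    if "session" not in form:
        key = store.login(form.get("user", ""), form.get("password", ""))
        if key is None:
            return ("login", None)
        return ("welcome", render_form(key))
    entry = store.lookup(form["session"])
    if entry is None:
        return ("login", None)  # unknown, logged-out or timed-out key: back to login
    if form.get("action") == "logout":
        store.logout(form["session"])
        return ("login", None)
    entry["state"]["visits"] = entry["state"].get("visits", 0) + 1
    return ("page", render_form(form["session"]))


if __name__ == "__main__":
    store = SessionStore()
    page, field = handle_request(store, {"user": "alice", "password": "correct horse battery staple"})
    print(page, field)
```

Because every form the cgi serves echoes the key, any place that logs request bodies or form contents will also record valid session keys; the store above lets a leaked key be revoked immediately with `logout`, and the idle timeout bounds how long an unnoticed one stays usable.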