CGI Help Needed

Andreas Cardeneo Andreas.Cardeneo at mach.uni-karlsruhe.de
Fri Apr 7 14:54:19 CEST 2000


> 
> What is the normal and respected method of User authentication on a web
> site, how should I present a login box when the user is not authenticated
> already, and how do I maintain a session with an authenticated user, without
> using cookies, allowing them to continue surfing around the web site ?

Hi,

well. I think you're right that this is not exactly Python specific, but
you might
use Python in a CGI-script to look up session-keys. If you have a look
at PHP, then
you will see that there is a function to generate a session key (some
large number
that can not be guessed easily and has some checksum in it) that you
pass to your pages
as a URL paramter in the form "?session=4242424242424242&nextpar=....".
You then evaluate
the key in your script looking it up in a database or file and checking
if it is still
valid.
I would certainly not use JavaScipt to authenticate the user because the
implementations
have some security problems. If I remember correctly Microsoft had
problems on their
Hotmail-system with Javascript. One possibility would be to use the
.htaccess file of
a directory and let the browser/server check authorization. But that's
probably a bad idea
for larger sites. You could better use a form within a frame on your
page so the URL is
not being displayed in the browser location line (but in the HTML code
it is).

Hope this helps,

Andreas



More information about the Python-list mailing list