Cookies

Greg Jorgensen gregj at pobox.com
Sat Mar 17 05:39:34 CET 2001


"Ken Seehof" <kens at sightreader.com> wrote in message
news:mailman.984773062.25819.python-list at python.org...
> Here's a restatement of the problem.  It's really about crossing the
sandbox
> barrier.
>
> Does anyone know of another mailing list more specific to http questions?
>
> 1. Client downloads an execuatable (frozen python application).
> 2. Client downloads a web page.
> 3. Web page javascript generates a statistically unique random identifier.
> 4. Web page sends identifier to the server, which uses it as database key.
> 5. User runs python application
> 6. *** Python application somehow gets the identifier from somewhere ***
> 7. Now the python application and the server both have the same
identifier.

Can you do it like this?

1. Client downloads and runs Python executable
2. Python app sends HTTP request to remote server
3. Server creates unique ID, sends it back to the Python app via HTTP
4. Python app saves the unique ID somewhere (text file, registry) where it
or other Python app can find it later
5. Python app launches web browser, passing server URL + unique ID
6. Web browser opens up remote web page, sending unique ID in the URL
7. Remote server gets unique ID, sends it back to client embedded in the web
page (hidden INPUT field)
8. User fills out form, submits it (along with the unique ID embedded in the
web page)
9. Server saves user's inputs in database record keyed on unique ID

At this point the server could send back a page containing a cookie that has
the unique ID (or whatever) in it. Or you could use JavaScript to create a
bookmark in the user's browser that has your URL + unique ID embedded in it.

Maybe you need two Python apps: one to "prime the pump," i.e. get a unique
ID from the server and save it, and another that does whatever your current
application is supposed to do.

Variations on this could involve writing an HTML page from your Python app
on the user's system, and embedding the unique ID in that page. When the
page is loaded into the browser it sends a URL + unique ID to your server.
For clients using Windows or MacOS you can save a URL as a shortcut on the
desktop; again that URL can be your web page plus the unique ID generated
earlier (e.g. http://www.somesite.com/page.html?id=12345).

Again I advise you to generate the unique IDs on your server, not on the
client side. I've often used a simple scheme that combines a record sequence
number (called an IDENTITY column in SQL Server) and a random number
generated on the server and stored in the database row. The database layout
looks like this:

id: identity column or default value set to a sequence generator (a la
Oracle)
check: default value is a function that generates a random number
user-stuff: name, address, etc.
...

You can send this back as id.check, and pass it in the URL like
id=1234.67132. The server uses the first part to fetch the row, and then
checks to make sure the second bit matches (this can all be done in the SQL
SELECT).

Good luck.

--
Greg Jorgensen / programmer, pedant, raconteur / Portland, Oregon, USA






More information about the Python-list mailing list