HTTP state management without cookies?

Geoffrey Talvola gtalvola at
Thu Feb 21 16:04:56 CET 2002

Paul Rubin wrote:
> Sent: Thursday, February 21, 2002 9:19 AM
> To: python-list at
> Subject: Re: HTTP state management without cookies?
> Geoffrey Talvola <gtalvola at> writes:
> > I didn't express myself properly.  What I meant is, in a 
> CGI application if
> > you're including the session ID in the query string, then 
> you have to make
> > sure all of your relative links within the site are 
> constructed to include
> > that session ID.  In other words, your links will have to 
> be written like:
> > 
> > '<a href="SomeOtherScript.cgi?_SID_=%s">Link to Some Other 
> Script</a>' %
> > sessionID
> No no, that's what the BASE tag does for you.  It maps
>   <a href=SomeOtherScript.cgi>
> into a request to
> You then use a server side rewrite rule to map the SID path component
> into a query parameter.

I meant that WITHOUT using a rewrite rule, you would have to encode the
session ID unto every URL as a query param.

With a rewrite rule, it's easier -- no need to encode the session ID into
every relative link.  You can either use your method of including a BASE
tag, or you can redirect requests without a session ID so that they include
the session ID (which is what Webware does).  Of course, the drawback is
that you're now tied to a specific Apache feature, so your CGI app is no
longer portable to other web servers.

If your CGI app consists of only a single CGI script, you don't need the
rewrite rule, because you can put the session ID _after_ the name of the CGI
script and use PATH_INFO to get the session ID.  This is how Webware manages
to not need any rewrite rules -- it passes all requests through a single CGI
script WebKit.cgi.

- Geoff

More information about the Python-list mailing list