Saving Browser State without Cookies

Gerson Kurz gerson.kurz at
Tue Feb 5 14:28:09 EST 2002

On Tue, 5 Feb 2002 12:48:29 -0700, "Orr, Steve" <sorr at>
>I need to migrate a web application from PHP to Python and I have a
>requirement to save state info WITHOUT using cookies where much of the state
>data MUST not be visible to the end users. The PHP application allows users

I'm not quite sure if that is what you need, but give it a try.

1) Write an outer frame, so that the user cannot see the inner links.
2) Encoded the state in the href links. In the code below, you can
fill a plain python dictionary with any kind of data you want, and
encode/decode it in the generated URL. As long as you keep in mind
(1), the user won't know.

Here is a very simple example:

#!/usr/bin/python -u

import cgi, sys, os, string, binascii, copy

# this func generates a dictionary ("a") that
# has all the state variables you wanna keep
# and returns an encoded string
def GenerateLinkData(value=None):
    global args
    a = copy.copy(args)
    if value is not None:
        a['value'] = value
    s = str(a)
    return binascii.b2a_hex(s)

# helper function for generating a link to a state 
def GenerateLink(value=None):
    return "/cgi-bin/" % GenerateLinkData(value)

# decode "cmd" arg
def GetArguments(form):
    result = { 'value':1 }
    if form.has_key('cmd'):
            new_dict = eval(binascii.a2b_hex(form['cmd'].value))
            for key in new_dict.keys():
                result[key] = new_dict[key]
    return result

form = cgi.FieldStorage()
args = GetArguments(form)  

print "Content-type: text/html\n"

value = args['value']

print '<html><body><p>State = %d.' % value
print '<a href="%s">Click me.</a>' % GenerateLink(value+1)
print '</p><body></html>'

Something like that, only bigger, and with sourcecode:

More information about the Python-list mailing list