Saving Browser State without Cookies

[Paul Rubin]

"Orr, Steve" <sorr at rightnow.com> writes:
> Python Newbie here.
>  
> I need to migrate a web application from PHP to Python and I have a
> requirement to save state info WITHOUT using cookies where much of
> the state data MUST not be visible to the end users. The PHP
> application allows users to logon to one of several databases using
> any of a number of Oracle user/passwords. The logon info needs to be
> saved for queries on other pages in the app. With PHP it's easy to
> avoid cookies by saving this info using its session handling
> functions. Is there an EASY way to do this in Python without having
> to adopt the Mother of all frameworks?

I don't know how PHP tracks sessions without using cookies--probably
by putting a session identifier into the URL's?  You can do the same
in Python to identify sessions.  To go on from there, I have to ask:

1) What web server are you using?

2) What Python integration (cgi's? mod_python?  etc.)

3) Is there just some fixed list of database passwords that don't
   change while the application is running?

If mod_python, there may already be some PHP-like session scheme-- I
haven't checked.  There are also some simple Python template systems
that might do that.  Finally, if you're using a single-process Python
http server, you can just make a session table in the server.

If there's just a few non-changing passwords, you could number them (1
to 5, say) and include the number as part of the session ID in the URL.
The application can then decode it statelessly and look up the right
password in a table.

Finally, if you want dynamic session info using Python cgi's, you can
figure out some simple way to store the session info on the server
side, either in the file system or maybe using the mmap module.