HTTP state management without cookies?

Simon Willison cs1spw at
Wed Feb 20 00:09:38 CET 2002

You need to use a server side session with a unique session identifier 
passed in the URL. Basically when a user visits your page you create a 
random string (20 characters long is probably long enough) and create a 
record in a database or file recording that string. You also ensure that 
EVERY link on the page has this random string tagged on to it:

Every time the user clicks a link the new page will "know" who they are 
by looking at the session passed in the URL. You can also send this 
unique identifier as a hidden form field whenever you ask the user to 
fill in a form.

As far as storing information goes you need some kind of server side 
storage mechanism that can "remember" things about the user who's 
session is xdf98dsyfisdof - a good way of doing this is by pickling a 
python data structure and calling the file "xdf98dsyfisdof.sess" or 
something like that.



Lutz Schroeer wrote:
> I'm creating a website which makes intensive use of cgi scripts and there 
> is the possibility for the visitor to register as a user for having the 
> ability to customize the site appearance, contents and other stuff.
> Jumping from one script to the other I need to remember at least the user's 
> name. The W3C recommends using cookies (RFC 2109). Unfortunately many 
> people don't like cookies and filter them using WebWasher or a personal 
> firewall. 
> Is there any other technique for keeping the user's data while he is using 
> my site without installing any large suite as Zope or the like? I've read 
> an article about utilizing soft links but I didn't quite get the point.
> Lutz
> --
> (

More information about the Python-list mailing list