HTTP state management without cookies?
Simon Willison
cs1spw at bath.ac.uk
Tue Feb 19 18:09:38 EST 2002
You need to use a server side session with a unique session identifier
passed in the URL. Basically when a user visits your page you create a
random string (20 characters long is probably long enough) and create a
record in a database or file recording that string. You also ensure that
EVERY link on the page has this random string tagged on to it:
nextpage.py?s=xdf98dsyfisdof
Every time the user clicks a link the new page will "know" who they are
by looking at the session passed in the URL. You can also send this
unique identifier as a hidden form field whenever you ask the user to
fill in a form.
As far as storing information goes you need some kind of server side
storage mechanism that can "remember" things about the user who's
session is xdf98dsyfisdof - a good way of doing this is by pickling a
python data structure and calling the file "xdf98dsyfisdof.sess" or
something like that.
HTH
Simon
Lutz Schroeer wrote:
> I'm creating a website which makes intensive use of cgi scripts and there
> is the possibility for the visitor to register as a user for having the
> ability to customize the site appearance, contents and other stuff.
>
> Jumping from one script to the other I need to remember at least the user's
> name. The W3C recommends using cookies (RFC 2109). Unfortunately many
> people don't like cookies and filter them using WebWasher or a personal
> firewall.
>
> Is there any other technique for keeping the user's data while he is using
> my site without installing any large suite as Zope or the like? I've read
> an article about utilizing soft links but I didn't quite get the point.
>
> Lutz
> --
> (http://www.kybernetik-manufaktur.de)
>
More information about the Python-list
mailing list