Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

A session id should not be much more than a key used to get state information kept on the server side. Common ways to implement this are:

Cookies
Pretty standard, supported by most (current?) browsers although disliked by some users. Tend to remain in the computer, so this may be an issue with users in public access terminals.
Hidden (or not so) variables
Usually complicate your design and may get in the way. A variant, using visible variables with the GET method can be problematic if the user bookmarks the page (the variable will stay with the link forever).
Mangled URIs
Similar to exposed GET HTTP variables, this technique consists in mangling the URI to keep there the session id.

(I may have left some other way outside of this node). Keep in mind that it should be as hard as possible/practical to guess the value of another user's session id. In your case, this may lead to leaked user information or tampered carts.

If you configure it properly with mod_usertrack, Apache will supply a good enough cookie to your users, which you may use for referencing the data you keep on the server side. This of course, requires users to accept your cookies.

You'll find modules such as Apache::Session to be of help, although looking at your question, I wonder if following the CGI::Application path wouldn't be a better choice.

As implied by my above statements, never use the session id to directly store the information you want to preserve. By its nature, the session id comes and goes from the client to the server and back. Not following this advice, may lead to compromised customer information (the session info you kept in the id) or even succesful attacks against your web application, as an attacker may forge the contents of the session id. Sorry if you already knew this or if I sound alarmist, but in my line of work, I find this mistake over and over again.

Best regards

-lem, but some call me fokat


In reply to Re: using session ids by fokat
in thread using session ids by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others rifling through the Monastery: (3)
As of 2024-03-29 06:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found