P is for Practical | |
PerlMonks |
Re: question on program flow and checking for cgi-sessionby JanneVee (Friar) |
on Jul 14, 2004 at 17:45 UTC ( [id://374362]=note: print w/replies, xml ) | Need Help?? |
1. If your script sends a session id, everyone who visit the script would get a session id. Answers are reversed to make it a little easier. 3. Usually the session id is sent throgh the answer http header as a cookie. It is designed to be a 32 byte random number, that makes a hijack of someone elses session more difficult. Then when a user progresser through the site the user sends back the 32 byte number to mark a valid session. So when the script receives a sessionnumber it should not send a new sessioncookie. The received cookie is set up to compare to sessiondata stored on the server usually in a tmp-file. 2. The session file should just hold a user_id, so if the session-tmp-file exists on a particular session the user_id could be retrieved through the file. Also if you don't want to have a sessionfile you could hold the session information in the db.
In Section
Seekers of Perl Wisdom
|
|