CGI and web application question

slok has asked for the wisdom of the Perl Monks concerning the following question:

need to get some suggestions. I am doing some browser based applications for school assignments. Problem is 3 different language are used. They are Perl, PHP and JSP.

Both PHP and JSP have not been covered yet in lectures. But I want to start thinking through how pieces of each will fit in.

One of the question that comes to my mind is:
What is the best way to handle "user logon" module ?
I would think there is some form of session tracking after a user logon. Is using a cookie the best solution since it all 3 langauges will have some way to access the cookie info. to check if the user have logon or not.

Thanks

Comment on CGI and web application question

Replies are listed 'Best First'.
Re: CGI and web application question by kanwisch (Sexton) on May 01, 2002 at 16:40 UTC
I currently develop Ecommerce applications in Perl (with some other stuff mixed in), but I'm considering a shift to Java. The reason: more secure, simpler tracking. I recommend the use of sessions instead of cookies b/c I'm a believer that even if you put a cookie out there, someone can alter it or read it, and you likely don't want that to happen. The safest you can make things from cracking, to me anyway, is to keep that data on the server and just give the users a "pointer" to that info. But then, I haven't actually gotten into using Java in this way, so I'm sure there are other challenges. And certainly Perl's faster to develop than Java/JSP's, and easier to troubleshoot.	[reply]
Re: CGI and web application question by BUU (Prior) on May 02, 2002 at 01:24 UTC
A) if you use session cookies, unless someone is actually on the network doing some packet sniffing and so forth (and what can you really do about that?) I believe it would be fairly secure, as long as you make sure its your session cookie, as there is no way to determine a session cookie from a cookie someoe wrote and stuck on their hardrive (afaik). You might want to look into apache::session i believe is the module name.	[reply]