Re: Re: Re: Re: How do they expect cookies to work (like this)??

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: How do they expect cookies to work (like this)?? by antirice (Priest) on Sep 30, 2003 at 19:15 UTC
Ok. I'm going to introduce you to a very important concept in CGI programming and I truly hope that you consider it very carefully. CGI is stateless. Stateless? What in the world do I mean by that? Quite simply: any time your page is accessed, it isn't aware of any other accesses to that page whether they came ten seconds ago or a year ago. Do not think of a person coming to your site and having your script continue to run and somehow magically read across multiple submissions. The script is given certain parameters, such as actual parameters, cookies, environmental variables, etc and it runs based upon the values it was given. That's it. That is the magic of CGI. Now the trick is in making the script cater to different inputs. Also note that the parameters, cookies, environmental variacles, etc may not be the same between submissions. For instance, when someone submits a form, the parameters that are submitted to your script disappear once your script exits (unless you serialize them into a database, a flat file or a cookie). Thus if their cookie is already set when the script is run, the parameters are highly likely to be GONE. In the script I provided, it checks for three possible scenarios: You get a cookie with the name "val". You get a parameter with the name "val". You don't get jack. In the first case they've presented credentials that say they should pass. At this point, there may be parameters due to them going through the form twice but it doesn't matter because they've already passed. In the second case, they present credentials that say they should pass but we know that they will have no token to prove it in the future unless we magically provide them with something that allows us to check their credentials in the future. Thus we give them these credentials in the form of a cookie so that next time they come in, they will pass. In the third case, we know we can't trust them yet because they haven't proven that they have the required credentials. Thus we ask them for credentials with a form. The thing about this is that at the last two checks, we still offer something to alter the inputs that the browser will give us next time. Should the browser not support forms or cookies, our cgi script will not work because the script knows nothing about the previous submissions due to the fact that the script is stateless. By the way, in case you are interested in introducing states to CGI, you can emulate a stateful environment by using CGI::Session. It will give the client a sessionid which will identify the session object for later retrieval by your script. Thus you can serialize your parameters into the session object and use it to keep your form values alive. Hope this helps. antirice The first rule of Perl club is - use Perl The ith rule of Perl club is - follow rule i - 1 for i > 1	[reply]

Replies are listed 'Best First'.

Re: Re: Re: Re: Re: How do they expect cookies to work (like this)??
by antirice (Priest) on Sep 30, 2003 at 19:15 UTC

Ok. I'm going to introduce you to a very important concept in CGI programming and I truly hope that you consider it very carefully. CGI is stateless.

Stateless? What in the world do I mean by that? Quite simply: any time your page is accessed, it isn't aware of any other accesses to that page whether they came ten seconds ago or a year ago. Do not think of a person coming to your site and having your script continue to run and somehow magically read across multiple submissions. The script is given certain parameters, such as actual parameters, cookies, environmental variables, etc and it runs based upon the values it was given. That's it. That is the magic of CGI. Now the trick is in making the script cater to different inputs. Also note that the parameters, cookies, environmental variacles, etc may not be the same between submissions. For instance, when someone submits a form, the parameters that are submitted to your script disappear once your script exits (unless you serialize them into a database, a flat file or a cookie). Thus if their cookie is already set when the script is run, the parameters are highly likely to be GONE.

In the script I provided, it checks for three possible scenarios:

You get a cookie with the name "val".
You get a parameter with the name "val".
You don't get jack.

In the first case they've presented credentials that say they should pass. At this point, there may be parameters due to them going through the form twice but it doesn't matter because they've already passed. In the second case, they present credentials that say they should pass but we know that they will have no token to prove it in the future unless we magically provide them with something that allows us to check their credentials in the future. Thus we give them these credentials in the form of a cookie so that next time they come in, they will pass. In the third case, we know we can't trust them yet because they haven't proven that they have the required credentials. Thus we ask them for credentials with a form. The thing about this is that at the last two checks, we still offer something to alter the inputs that the browser will give us next time. Should the browser not support forms or cookies, our cgi script will not work because the script knows nothing about the previous submissions due to the fact that the script is stateless.

By the way, in case you *are* interested in introducing states to CGI, you can emulate a stateful environment by using CGI::Session. It will give the client a sessionid which will identify the session object for later retrieval by your script. Thus you can serialize your parameters into the session object and use it to keep your form values alive.

Hope this helps.

antirice
The first rule of Perl club is - use Perl
The ith rule of Perl club is - follow rule i - 1 for i > 1

[reply]