comment on

The thing to keep in mind is that your script is started, deals with a request and then terminates. Nothing should survive except what you have written to disk, and what the user knows.

But you can't trust the user, so don't believe anything they say or the sister of bobby tables will tell you that her name is "admin", authenticated=1 and/or score=1000000 ;)

Instead of real info, only give them a session ID that is really hard to guess (say, 32 random hex characters), and delete session info that is older than 30 minutes. Use the string they reply with to find and load the user's session info (last question/score/login name/etc). If it doesn't exist, send them to the login screen.

Edit: Fixed link

In reply to Re^3: Passing flags between invocations of a cgi script by SuicideJunkie
in thread Passing flags between invocations of a cgi script by Herbert37

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.