shaolindoman has asked for the wisdom of the Perl Monks concerning the following question:

Hello all. I'm using CGI Session for a project and had a question about managing cookies. When someone connects to the site should I look for a cookie within each page. And if it doesn't exist then send them to the login page? (Yes I have a member's only section but not all parts are members only). Which leads to my next question. If this is true, then should I pass the session_id in a hidden field to every page I will be calling (displaying) so that I can pull there info from their profile. And if it's not there then 1) create a new session for a non-member page or 2)make them login and then create a new session and set it to logged in.(I'm basically just trying to figure out the algorithm I should use for when someone accesses members vs non members parts of the page and when to start the session or check for the session when someone intially accessing any part of my site directly. I've been using cgi-session Cookbook as my guide.) Thanks

Replies are listed 'Best First'.
Re: Cookie Management
by waswas-fng (Curate) on Jun 28, 2004 at 17:30 UTC
    Create a session for everyone, add a token in the session that is the flag for logged in or not (set to true or the username if the user is logged in, empty if not.) then if the user attempts to access a page that is restricted and the logged in token is not set in the session redirect to the login page. You can visualize the session as being ubiquitous and the login auth portion being a subset.


    -Waswas
[reply]
      Thanks, that's what I had in mind.
[reply]

Back to Seekers of Perl Wisdom