in reply to Re^2: Passing flags between invocations of a cgi script
in thread Passing flags between invocations of a cgi script

The thing to keep in mind is that your script is started, deals with a request and then terminates. Nothing should survive except what you have written to disk, and what the user knows.

But you can't trust the user, so don't believe anything they say or the sister of Bobby Tables will tell you that her name is "admin", authenticated=1 and/or score=1000000 ;)

Instead of real info, only give them a session ID that is really hard to guess (say, 32 random hex characters), and delete session info that is older than 30 minutes. Use the string they reply with to find and load the user's session info (last question/score/login name/etc). If it doesn't exist, send them to the login screen.

Edit: Fixed link
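A concrete version of the session scheme described above, as an added example that is not part of the original post. It assumes a writable directory /tmp/quiz_sessions already exists, carries the id in a cookie named sid (a hidden field would do equally), and needs Perl 5.10 for the // operator; only the session id and the radio-button answer are accepted from the client, everything else is read back from disk.

```perl
use strict;
use warnings;
use CGI;
use Storable qw(store retrieve);

# Assumptions (constructed for this example): one Storable file per session
# under $SESSION_DIR; the 30-minute limit is the one the post suggests.
my $SESSION_DIR = '/tmp/quiz_sessions';
my $MAX_AGE     = 30 * 60;

# 32 random hex characters drawn from the kernel CSPRNG, never from rand().
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read $fh, my $bytes, 16 or die "short read from urandom";
    close $fh;
    return unpack 'H32', $bytes;
}

# Return the session hash only if the id is well-formed (so it can never be a
# path) and the file is fresh; expired files are deleted, not revived.
sub load_session {
    my ($id) = @_;
    return unless defined $id && $id =~ /\A[0-9a-f]{32}\z/;
    my $path = "$SESSION_DIR/$id";
    return unless -f $path;
    if (time - (stat $path)[9] > $MAX_AGE) { unlink $path; return }
    return retrieve($path);
}

sub save_session {
    my ($id, $data) = @_;
    store($data, "$SESSION_DIR/$id");   # mtime is refreshed on every request
}

my $q       = CGI->new;
my $id      = $q->cookie('sid');
my $session = load_session($id);

unless ($session) {
    # unknown, malformed or expired id: fresh id, empty state, back to login
    $id      = new_session_id();
    $session = { login => undef, question => 0, last_wrong => undef };
    save_session($id, $session);
    print $q->header(-cookie => $q->cookie(-name => 'sid', -value => $id, -httponly => 1));
    print "Please log in\n";
    exit;
}
# The answer is the only form value used, and only if it is an allowed choice;
# question number and login come from the session file, not from the client.
my %allowed = map { $_ => 1 } qw(a b c d);
my $answer  = $q->param('answer') // '';
$answer = '' unless $allowed{$answer};
$session->{last_wrong} = $answer;   # kept so the wrong choice can be redisplayed
save_session($id, $session);
```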

Re^4: Passing flags between invocations of a cgi script
by Herbert37 (Novice) on May 17, 2010 at 20:43 UTC
    I think I have managed to make this seem more difficult than it is (which would not be a first). The user's replies are in the form of radio button clicks. Never, never, never anything more. No text fields. No nothing. They are being tested on their ability to translate English medical terms correctly. This is strictly multiple choice. It's just that if they choose wrong, I would like to leave the wrong choice up there and have them take another go at it before giving them the next word. And that is the rub. I just can't figure out a way to give them a second go. Giving them a new question is pretty straightforward. I'm not interested in their score either. They can keep score themselves. Sorry for all the bother.

      For simple scripts, I might use something like:

      my $foo = $q->param('foo') // 'Default Value';

      This gives precedence to the CGI form data, but if no form data for that value exists, assign a default (which in this case is 'Default Value').

      The // operator requires Perl 5.10. Older versions of Perl will need the clumsier:

      my $foo = defined $q->param('foo') ? $q->param('foo') : 'Default Value';

      For non-trivial scripts, I usually put this in a loop, with a predetermined hash of defaults and allowed variable names. There's a good chance you'll need some additional logic as well, to validate user input and protect against invalid form submissions.

      Edit: Forgot `defined' on 2nd example, which was sort of the whole point of that example. :-) (Thanks chromatic.)

        To replicate the defined-or operator, ancient versions of Perl require the far clumsier:

        my $foo = defined $q->param('foo') ? $q->param('foo') : 'Default Value';