in reply to Security/Ease of use Question

Use a session_id. See CGI::Session. There is lots of stuff here on sessioning. In essence store the session ID in a cookie or hidden field as you choose. Cookies are easiest but may not be active. A hidden field is a little more effort (not much with templates). With a session_id all the *real* data is stored on your server, well out of reach of naughty untrustworthy users.

cheers

tachyon

Consider pathinfo
by pemungkah (Priest) on Sep 09, 2004 at 17:48 UTC
    If you want cookie-like behavior, but don't want to use cookies for it, use pathinfo. This is a perfectly legal URL:
    http://your.site.com/cgi-bin/your.cgi/your/pathinfo/here/
    The stuff following your.cgi ends up in $ENV{PATH_INFO}, where you can pick it up and use it.

    Advantage: doesn't require cookie support; nice and easy to hang a session ID off there. Disadvantage: it's in the URL, so it's visible and can be messed with.
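
An added example, not part of either post above, in core Perl: it reads a session ID from PATH_INFO as the reply describes, accepts only a strictly formatted ID because the URL value is user-controlled, and keeps the real data on the server. The 32-hex-character ID format, the %SESSION_STORE hash (a stand-in for a CGI::Session-style store), the sample IDs and the helper names are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the server-side store; a real application would
# keep this in files or a database (for example via CGI::Session).
my %SESSION_STORE = (
    '3f9a1c0e5b7d42a896e4d1f07c2b8a55' => { user => 'alice', cart_total => 42 },
);

# Extract a session ID from PATH_INFO. Assumed layout:
#   /<32 lowercase hex chars>[/anything/else]
# Anything that does not match is treated as "no session", never repaired.
sub session_id_from_pathinfo {
    my ($path_info) = @_;
    return unless defined $path_info;
    return $1 if $path_info =~ m{\A/([0-9a-f]{32})(?:/|\z)};
    return;
}

# The client supplies only the ID; the data itself never leaves the server.
sub load_session {
    my ($path_info) = @_;
    my $sid = session_id_from_pathinfo($path_info);
    return unless defined $sid;
    return $SESSION_STORE{$sid};    # undef for well-formed but unknown IDs
}

# Constructed sample values, as they would arrive in $ENV{PATH_INFO}.
my @samples = (
    '/3f9a1c0e5b7d42a896e4d1f07c2b8a55/view',    # known session
    '/3f9a1c0e5b7d42a896e4d1f07c2b8a56/view',    # well-formed, not in store
    '/../../tmp/somefile',                       # edited URL, wrong format
    '/3F9A1C0E5B7D42A896E4D1F07C2B8A55',         # wrong case, rejected
    undef,                                       # no path info at all
);

for my $path_info (@samples) {
    my $session = load_session($path_info);
    printf "%-42s => %s\n",
        defined $path_info ? $path_info : '(none)',
        $session ? "session for $session->{user}" : 'no session';
}
```

In a CGI script the argument to load_session would be $ENV{PATH_INFO}; a request that comes back with no session should be sent through login again rather than trusted.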