CGI Help Needed
Paul Gresham
gresham at mediavisual.com
Fri Apr 7 12:27:43 EDT 2000
Hi Andreas,
Thankyou for your suggestion, (and thanks to everyone else who responded).
Actually I have a book on PHP programming but never looked this up in there,
dispite spending hours searching the web for answers.
For anyone who is interested, Prentice Hall, Core PHP Programming, Atkinson,
ISBN 0-13-020787-X Pages 475-479 has an entire article on PHP session
tracking with a recommended approach and sample code. Exactly what I needed
for my Python project, very simple (as expected) but just one of those
things that looks like magic until you see the trick.
Regards
Paul Gresham
"Andreas Cardeneo" <Andreas.Cardeneo at mach.uni-karlsruhe.de> wrote in message
news:38EDDA7B.47FC3FDE at mach.uni-karlsruhe.de...
>
> >
> > What is the normal and respected method of User authentication on a web
> > site, how should I present a login box when the user is not
authenticated
> > already, and how do I maintain a session with an authenticated user,
without
> > using cookies, allowing them to continue surfing around the web site ?
>
> Hi,
>
> well. I think you're right that this is not exactly Python specific, but
> you might
> use Python in a CGI-script to look up session-keys. If you have a look
> at PHP, then
> you will see that there is a function to generate a session key (some
> large number
> that can not be guessed easily and has some checksum in it) that you
> pass to your pages
> as a URL paramter in the form "?session=4242424242424242&nextpar=....".
> You then evaluate
> the key in your script looking it up in a database or file and checking
> if it is still
> valid.
> I would certainly not use JavaScipt to authenticate the user because the
> implementations
> have some security problems. If I remember correctly Microsoft had
> problems on their
> Hotmail-system with Javascript. One possibility would be to use the
> .htaccess file of
> a directory and let the browser/server check authorization. But that's
> probably a bad idea
> for larger sites. You could better use a form within a frame on your
> page so the URL is
> not being displayed in the browser location line (but in the HTML code
> it is).
>
> Hope this helps,
>
> Andreas
More information about the Python-list
mailing list