HTTP state management without cookies?
Geoffrey Talvola
gtalvola at nameconnector.com
Thu Feb 21 10:04:56 EST 2002
Paul Rubin wrote:
> Sent: Thursday, February 21, 2002 9:19 AM
> To: python-list at python.org
> Subject: Re: HTTP state management without cookies?
>
>
> Geoffrey Talvola <gtalvola at nameconnector.com> writes:
> > I didn't express myself properly. What I meant is, in a
> CGI application if
> > you're including the session ID in the query string, then
> you have to make
> > sure all of your relative links within the site are
> constructed to include
> > that session ID. In other words, your links will have to
> be written like:
> >
> > '<a href="SomeOtherScript.cgi?_SID_=%s">Link to Some Other
> Script</a>' %
> > sessionID
>
> No no, that's what the BASE tag does for you. It maps
>
> <a href=SomeOtherScript.cgi>
>
> into a request to http://yoursite.com/_SID_=12345/SomeOtherScript.cgi.
>
> You then use a server side rewrite rule to map the SID path component
> into a query parameter.
I meant that WITHOUT using a rewrite rule, you would have to encode the
session ID unto every URL as a query param.
With a rewrite rule, it's easier -- no need to encode the session ID into
every relative link. You can either use your method of including a BASE
tag, or you can redirect requests without a session ID so that they include
the session ID (which is what Webware does). Of course, the drawback is
that you're now tied to a specific Apache feature, so your CGI app is no
longer portable to other web servers.
If your CGI app consists of only a single CGI script, you don't need the
rewrite rule, because you can put the session ID _after_ the name of the CGI
script and use PATH_INFO to get the session ID. This is how Webware manages
to not need any rewrite rules -- it passes all requests through a single CGI
script WebKit.cgi.
- Geoff
More information about the Python-list
mailing list