HTTP state management without cookies?
Steve Holden
sholden at holdenweb.com
Wed Feb 20 18:25:25 EST 2002
----- Original Message -----
From: "Geoffrey Talvola" <gtalvola at nameconnector.com>
To: "'Steve Holden'" <sholden at holdenweb.com>; <python-list at python.org>
Sent: Wednesday, February 20, 2002 11:15 AM
Subject: RE: HTTP state management without cookies?
> Steve Holden wrote:
> > ... That's why a recent
> > thread concluded you EITHER pass session id through all URLs
> > OR use a cookie
> > to identify the session.
>
> Webware's WebKit app server has a different approach that doesn't
require
> cookies and also doesn't require adding the session ID to all URL's.
It has
> an option to use "automatic path sessions". If you turn on this
option,
> then WebKit will redirect a request without a session ID like:
>
> http://foo.bar/cgi-bin/WebKit.cgi/MyServlet
>
> to:
>
> http://foo.bar/cgi-bin/WebKit.cgi/_SID_=3678268432/MyServlet
>
> Since the session ID comes _before_ the name of the servlet, all
relative
> links work just fine. WebKit knows how to parse the URL and extract
the
> session ID.
>
> What makes this work is that WebKit passes all requests through a
single CGI
> script (or uses the special mod_webkit Apache module) and uses its own
logic
> to determine how to map the URL to a servlet file. It would be hard
to make
> this work with plain CGI. Perhaps you could use some mod_rewrite
magic to
> transform:
>
> http://foo.bar/_SID_=2374820394/myscript.cgi/
>
> into:
>
> http://foo.bar/myscript.cgi?_SID_=2374820394
>
> so the same trick will work for CGI?
>
Geoff:
I appreciate the slightly unusual nature of thios scheme, but I don't
see how it isn't included under the heading "pass session id through all
URLs" as mentioned in my original post.
There's a lot to be gained by ceasing to treat URLs as simple points in
a tree-structured virtual address space, and this highlights some of the
benefits. Thanks for reminding me about the WebKit approach.
regards
Steve
--
Consulting, training, speaking: http://www.holdenweb.com/
Author, Python Web Programming: http://pydish.holdenweb.com/pwp/
"This is Python. We don't care much about theory, except where it
intersects with useful practice." Aahz Maruch on c.l.py
More information about the Python-list
mailing list