HTTP state management without cookies?
Geoffrey Talvola
gtalvola at nameconnector.com
Wed Feb 20 11:15:12 EST 2002
Steve Holden wrote:
> ... That's why a recent
> thread concluded you EITHER pass session id through all URLs
> OR use a cookie
> to identify the session.
Webware's WebKit app server has a different approach that doesn't require
cookies and also doesn't require adding the session ID to all URL's. It has
an option to use "automatic path sessions". If you turn on this option,
then WebKit will redirect a request without a session ID like:
http://foo.bar/cgi-bin/WebKit.cgi/MyServlet
to:
http://foo.bar/cgi-bin/WebKit.cgi/_SID_=3678268432/MyServlet
Since the session ID comes _before_ the name of the servlet, all relative
links work just fine. WebKit knows how to parse the URL and extract the
session ID.
What makes this work is that WebKit passes all requests through a single CGI
script (or uses the special mod_webkit Apache module) and uses its own logic
to determine how to map the URL to a servlet file. It would be hard to make
this work with plain CGI. Perhaps you could use some mod_rewrite magic to
transform:
http://foo.bar/_SID_=2374820394/myscript.cgi/
into:
http://foo.bar/myscript.cgi?_SID_=2374820394
so the same trick will work for CGI?
- Geoff
More information about the Python-list
mailing list