On Fri, 22 Jun 2007, Raymond Wan wrote:
> Hi Timothy,
>
> Timothy S. Nelson wrote:
>> > So, is there a way to keep this information between user requests or is
>> > my only option to set a cookie on the client side?
>>
>> Yes, and sort-of-yes :).
>>
>> I'm using CGI:Session to keep the users' details. But I give the user
>> a cookie, which then links them to the session. It's also possible to
>> pass a variable with the session ID around between requests, but this is
>> more hassle than cookies.
>>
>> An alternative would be to use HTTP auth, and use that to retrieve
>> session information.
>
> Ok, thanks! I think I'll stick to a session key look-up into a database,
> with the session key set as a cookie. HTTP auth...well, good to know, but
> I'm worried that this is getting far beyond me. A little bit at a time...
> :-) But thank you! Always good to know options...
HTTP auth is actually stacks easier to implement, but it has
drawbacks.
http://fishbowl.pastiche.org/2003/12/30/saving_http_authentication
The link above discusses the advantages and drawbacks of HTTP auth.
He's actually wrong about optional HTTP auth -- it's possible (with mod_perl
but not CGI), but it's a hassle to do optional HTTP auth. With a few little
changes to apache, it would be easy, but so far, they haven't seen fit to make
those changes.
Anyway, I guess what I'm saying is, HTP Auth is good if:
1. You can live with the drawbacks listed above (including no optional
auth)
2. AND You're using mod_perl
Otherwise, it's a pain.
:)
---------------------------------------------------------------------
| Name: Tim Nelson | Because the Creator is, |
| E-mail: [EMAIL PROTECTED] | I am |
---------------------------------------------------------------------
----BEGIN GEEK CODE BLOCK----
Version 3.12
GCS d+++ s+: a- C++$ U+++$ P+++$ L+++ E- W+ N+ w--- V-
PE(+) Y+>++ PGP->+++ R(+) !tv b++ DI++++ D G+ e++>++++ h! y-
-----END GEEK CODE BLOCK-----
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Mason-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mason-users
