RE: Apache::ASP (Using Apache::ASP Session information in a CGI script)

Thu, 25 Jan 2001 07:04:39 -0800 

        Maybe someone else then has done what I want to do and can offer
some code snippets.

        The entire site is run using Apache::ASP.  I am uploading and
downloading files.  I am using username/password authentication and storing
that username and id in the database in the session information.

        For security reasons, I am using cgi to do the actual file uploads
and downloads.  The files are stored outside the web root.  I am calling the
cgi like: /cgi-bin/download.cgi/102/something.doc.  The entry in the
database for the file is 102 and the name the client should see is
something.doc.  I have the file stored internally with a different name.

        I need to keep track of who downloads what files so that is why I
need the session information so I can make the proper SQL call to put the
number of the file and the user id into the database.  I could add it to the
above URL but I have two problems.  First is someone else could get credited
(blamed) for downloading that file and second is the fact that now I have no
way of knowing if the person is actually signed in or not.

        I need to get the session information using a cgi script so I can
verify they have logged in and make the proper entry in the database that
they downloaded that file.  The reason I need to run it as a CGI is I need
this to run as the owner of the web and not the webserver itself.


-Earle

-----Original Message-----
From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 24, 2001 8:12 PM
To: Earle F. Ake
Cc: '[EMAIL PROTECTED]'
Subject: Re: Apache::ASP


"Earle F. Ake" wrote:
> 
>         I have an application which I am using the perl based ASP for.
All
> of my pages except for one as written using this.  I need one using plain
> perl based cgi so the process runs as the user and not the web server for
> file security reasons.  The problem is I need to get to some of the
Session
> information and I can't seem to get it in the cgi.
> 

You can't load Apache::ASP like this in a CGI.  You might
try to run a program from your ASP script, passing it the 
needed session information as a argument, or STDIN.

You could also set up a CGI that take the session data
on the QUERY string, and then use Apache::Filter & Apache::SSI
to run that CGI using SSI tactics.

--Josh

Reply via email to