Drew Taylor [mailto:[EMAIL PROTECTED]]: > And that is what I am doing for a small project I'm working on now. In my > case, I'm not sure about the capabilities of the remote server, and I know > for sure that I don't have a database available, so session information is > saved via hidden form fields. It's primitive, but was actually a bit of a > challenge to make sure a (unused) hidden field and a visible form element > don't appear in the same <form>. Not my first choice, but it definitely works.
I built and use a module that encodes a session hash into a number of hidden fields with a security MD5 sum. The encoded information is serialized, gzipped, Base64 encoded, and then split into reasonable length hidden fields. It looks like this: <input type="hidden" name="_fc_part000" value="eJx9zVEKwyAQhOEbhSiBhL2MrI1GW3VhR8n1a6HPeR6++ZNZCQd15YYYFIZWWEuQ2G/W4 IKqqDul"> <input type="hidden" name="_fc_part001" value="cm5Ic7Ab3UneXNmL7ym3C33EuLykTmywE0IpLp9jHu/0l2ye5UZ+lM+v/gUagTUd"> <input type="hidden" name="_fc_security" value="e99478182b7c579ce65dddb676bbe52e"> This way, you don't have to worry about creating hidden form fields in your templates for every variable you need to encode. In your perl, simply call the session encode and decode methods. You are also assured that nobody messed with the data. You can easily "pass" arbitrarily complex session information from one page to another without using a database, and the session info is truly tied to the *page*. Use of the back button, therefore, doesn't break anything. I've attached some code. To use the code, you'll have to replace the module FreezeThawLite with Storable. Also, beware the \r\n newlines. (I pulled this out of CVS on my windows desktop.) HTH. David
