RE: Apache::ASP (Using Apache::ASP Session information in a CGI script)

2001-01-25 Thread Earle F. Ake 

Maybe someone else then has done what I want to do and can offer
some code snippets.

The entire site is run using Apache::ASP.  I am uploading and
downloading files.  I am using username/password authentication and storing
that username and id in the database in the session information.

For security reasons, I am using cgi to do the actual file uploads
and downloads.  The files are stored outside the web root.  I am calling the
cgi like: /cgi-bin/download.cgi/102/something.doc.  The entry in the
database for the file is 102 and the name the client should see is
something.doc.  I have the file stored internally with a different name.

I need to keep track of who downloads what files so that is why I
need the session information so I can make the proper SQL call to put the
number of the file and the user id into the database.  I could add it to the
above URL but I have two problems.  First is someone else could get credited
(blamed) for downloading that file and second is the fact that now I have no
way of knowing if the person is actually signed in or not.

I need to get the session information using a cgi script so I can
verify they have logged in and make the proper entry in the database that
they downloaded that file.  The reason I need to run it as a CGI is I need
this to run as the owner of the web and not the webserver itself.


-Earle

-Original Message-
From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 24, 2001 8:12 PM
To: Earle F. Ake
Cc: '[EMAIL PROTECTED]'
Subject: Re: Apache::ASP


"Earle F. Ake" wrote:
 
 I have an application which I am using the perl based ASP for.
All
 of my pages except for one as written using this.  I need one using plain
 perl based cgi so the process runs as the user and not the web server for
 file security reasons.  The problem is I need to get to some of the
Session
 information and I can't seem to get it in the cgi.
 

You can't load Apache::ASP like this in a CGI.  You might
try to run a program from your ASP script, passing it the 
needed session information as a argument, or STDIN.

You could also set up a CGI that take the session data
on the QUERY string, and then use Apache::Filter  Apache::SSI
to run that CGI using SSI tactics.

--Josh

Apache::ASP

2001-01-24 Thread Earle F. Ake 

I have an application which I am using the perl based ASP for.  All
of my pages except for one as written using this.  I need one using plain
perl based cgi so the process runs as the user and not the web server for
file security reasons.  The problem is I need to get to some of the Session
information and I can't seem to get it in the cgi.

I have something like:

#!/usr/bin/perl
use Apache::ASP;

open(OUT, "/tmp/debug.log");
printf OUT ("This should have the session username '%s' information\n",
$::Session-{'username'});
close(OUT);

What else do I have to include to get access to the currently stored
session information?

All my ASP scripts can print the Session information so I know it is
stored properly, but the cgi can not see it.


-Earle
--
Earle Ake
Manager, Internet Services
HCST*Net