Maybe someone else then has done what I want to do and can offer
some code snippets.
The entire site is run using Apache::ASP. I am uploading and
downloading files. I am using username/password authentication and storing
that username and id in the database in the session information.
For security reasons, I am using cgi to do the actual file uploads
and downloads. The files are stored outside the web root. I am calling the
cgi like: /cgi-bin/download.cgi/102/something.doc. The entry in the
database for the file is 102 and the name the client should see is
something.doc. I have the file stored internally with a different name.
I need to keep track of who downloads what files so that is why I
need the session information so I can make the proper SQL call to put the
number of the file and the user id into the database. I could add it to the
above URL but I have two problems. First is someone else could get credited
(blamed) for downloading that file and second is the fact that now I have no
way of knowing if the person is actually signed in or not.
I need to get the session information using a cgi script so I can
verify they have logged in and make the proper entry in the database that
they downloaded that file. The reason I need to run it as a CGI is I need
this to run as the owner of the web and not the webserver itself.
-Earle
-Original Message-
From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 24, 2001 8:12 PM
To: Earle F. Ake
Cc: '[EMAIL PROTECTED]'
Subject: Re: Apache::ASP
"Earle F. Ake" wrote:
I have an application which I am using the perl based ASP for.
All
of my pages except for one as written using this. I need one using plain
perl based cgi so the process runs as the user and not the web server for
file security reasons. The problem is I need to get to some of the
Session
information and I can't seem to get it in the cgi.
You can't load Apache::ASP like this in a CGI. You might
try to run a program from your ASP script, passing it the
needed session information as a argument, or STDIN.
You could also set up a CGI that take the session data
on the QUERY string, and then use Apache::Filter Apache::SSI
to run that CGI using SSI tactics.
--Josh