On top of the other responses, I'd add:
Your application must keep track of a 'session'. The main ways to do
that are:
o Add a hidden field to each CGI form, in which you send out to the
client the id of their session, so that when the use submits the form
you get back their id. This is my
Hi
I am trying to use the CGI::Application::Plugin::Session but I am getting a
bit confused with what objects are what.
In my cgiapp_init method I have the following:
CGI::Session-name('lsid');
$self-session_config(
CGI_SESSION_OPTIONS = [ driver:File, $self-query, {
Dir=$session_path
Hi
I am trying to use the CGI::Application::Plugin::Session but I am getting
a bit confused with what objects are what.
...
Ok. I have made some progress in pinnign this down and it seems I have a
problem with the session object.
This code recreates the scenario.
package GSystem::Test;
Hi
I am trying to use the CGI::Application::Plugin::Session but I am getting
a bit confused with what objects are what.
...
Ok. I have made some progress in pinnign this down and it seems I have a
problem with the session object.
This code recreates the scenario.
package
Aargh. Ignore all the above. For some insane reason I was using Dir instead
of Directory in the session_config inside the CGI::Application version.
Still... was great opportunity to really get to grips with the module :)
# CGI::Application community mailing list
##
On Wed, 2008-02-06 at 08:16 +, Mark Knoop wrote:
Hi Mark
On top of the other responses, I'd add:
Your application must keep track of a 'session'. The main ways to do
that are:
o Add a hidden field to each CGI form, in which you send out to the
client the id of their session,
Ron Savage wrote:
o Add the session id to the URL. This method has the most problems, and
is not recommended.
The session id is generated by CGI::Session.
Surely 1 and 3 are the same (except possibly you are talking about a post vs
get)?
Not really.
What are the problems with the
o Add the session id to the URL. This method has the most problems, and
is not recommended.
What are the problems with the last option? ...
Google for XSS - Cross-site scripting attacks, as a starter.
I thought the problem with putting the session ID in the URL is that
the user might
Mark Fuller wrote:
o Add the session id to the URL. This method has the most problems, and
is not recommended.
What are the problems with the last option? ...
Google for XSS - Cross-site scripting attacks, as a starter.
I thought the problem with putting the session ID in the URL is that
Hi,
I'm looking at CGI::Application prior to use, and one thing is unclear to me.
I'll outline a little senario to demonstrate the question:
I have a simple app with four run modes - list, view, edit update
list does what it say on the tin - lists records in a data table
view ditto, displays
Mark Fuller said:
I thought the problem with putting the session ID in the URL is that
the user might copy/paste the URL to others. When they try to use it,
the app would have no way to know it's not the real user?
Another problem is bookmarks. A user may bookmark a page, but when they
come
Mike Tonks said:
Hi,
I'm looking at CGI::Application prior to use, and one thing is unclear to
me.
I'll outline a little senario to demonstrate the question:
I have a simple app with four run modes - list, view, edit update
list does what it say on the tin - lists records in a data
12 matches
Mail list logo
