Maybe someone else then has done what I want to do and can offer some code snippets. The entire site is run using Apache::ASP. I am uploading and downloading files. I am using username/password authentication and storing that username and id in the database in the session information. For security reasons, I am using cgi to do the actual file uploads and downloads. The files are stored outside the web root. I am calling the cgi like: /cgi-bin/download.cgi/102/something.doc. The entry in the database for the file is 102 and the name the client should see is something.doc. I have the file stored internally with a different name. I need to keep track of who downloads what files so that is why I need the session information so I can make the proper SQL call to put the number of the file and the user id into the database. I could add it to the above URL but I have two problems. First is someone else could get credited (blamed) for downloading that file and second is the fact that now I have no way of knowing if the person is actually signed in or not. I need to get the session information using a cgi script so I can verify they have logged in and make the proper entry in the database that they downloaded that file. The reason I need to run it as a CGI is I need this to run as the owner of the web and not the webserver itself. -Earle -----Original Message----- From: Joshua Chamas [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 24, 2001 8:12 PM To: Earle F. Ake Cc: '[EMAIL PROTECTED]' Subject: Re: Apache::ASP "Earle F. Ake" wrote: > > I have an application which I am using the perl based ASP for. All > of my pages except for one as written using this. I need one using plain > perl based cgi so the process runs as the user and not the web server for > file security reasons. The problem is I need to get to some of the Session > information and I can't seem to get it in the cgi. > You can't load Apache::ASP like this in a CGI. You might try to run a program from your ASP script, passing it the needed session information as a argument, or STDIN. You could also set up a CGI that take the session data on the QUERY string, and then use Apache::Filter & Apache::SSI to run that CGI using SSI tactics. --Josh