However, someone suggested also including a session_id in path_info, so that might look like this:
/cgi-bin/instance.cgi/Cuwruf2R4wCg/edit_form?breed_id=2
Off topic, but just to add to this, I think a more common technique is to embed the session ID directly in the URL (not in the PATH_INFO) like this:
http://example.com/Cuwruf2R4wCg/instance.cgi/other_path_info?breed_id=2
Then a rewrite rule (mod_rewrite) or a transhandler (written in C or mod_perl) is used to pull out the session ID and place it in an ENV variable, and the URL is rewritten to the real URL:
http://example.com/instance.cgi/other_path_info?breed_id=2
Which then gets executed as normal. The beauty of a system like this is that you can use relative URLs in your HTML pages, and the session ID continues to get passed to the server by the browser. This makes it much easier to deal with session IDs in the URL. For example if in your HTML you provide a link like this -- <A HREF="otherscript.cgi">link</a> -- then the browser will make the request to http://example.com/Cuwruf2R4wCg/otherscript.cgi
So the session ID gets passed even in static HTML pages.
Here is an example that uses mod_rewrite:
RewriteEngine on RewriteRule ^(.*)/SESSION=([^/]+)/(.*) $1/$3 [E=HTTP_SESSION:$2]
(found on http://hostingworks.com/support/faq/0048)
the above will convert /foo/SESSION=12345/bar/ into /foo/bar/, and places 12345 into an environment variable called $HTTP_SESSION
Having said all this, cookie based sessions are much much easier to deal with, and I rarely bother building in URL based authentication systems in my projects.
Cheers,
Cees
--------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
