Pass the user a cookie which contains a key to a session object.
Write the data to the session object using the cookie's key from your mod perl
process. Read back the session data using the key passed to you from the cookie
in the cgi process.
When you set the cookies PATH information, make sure it is high enough up the
directory tree so
it is accessible from both scripts.
The session data can be stored in a flat file, in a database, or in shared
memory.
If it is very sensitive make sure sessions are in a directory writable only by
the apache 'user', and make sure that 'user' cannot use any other means to get
data from your server i.e. telnet, ftp etc..
I am not sure which of the standard session packages are usable from both
modperl and cgi,
since I use modperl exclusively, but it would be easy to write a down and dirty
session package
if you had to.
hope this helps,
cliff rayman
genwax.com
Jason Simms wrote:
> Thanks for the advice, and this brings up another question... Honestly, if
> I were using an internal redirect, I wouldn't need to bother with these
> environment variables at all. The problem is that many times before I do
> this redirect, I also need to set a cookie. Am I correct in assuming that
> an internal redirect does NOT have the ability to set a cookie?
>
> The entire reason I have to do this is that I need to pass sensitive values
> to the CGI script from the module. I do not wish to use a simple query
> string, as the end user would then be able to intercept this. I want to
> pass values to the "child" CGI script (even though it is an entirely new
> request) without them being able to be intercepted easily. Hence, I thought
> if I could give the script access to the environment, I wouldn't need to
> pass the parameters over through the URI. Is there anohter way to do this?
>
> Jason
>
> >If you redirect, that's most likely telling the web browser to fetch
> >the new page. This makes it a totally new request.
> >
> >However, if you're using internal_redirect, then subprocess_env >should do
> >the trick, but the ENV values will be prefixed with >"REDIRECT_".
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
