Could someone point me to a good online tutorial for session id management. I am trying to find out how to append a session id to the url. I am running Mysql as the database where the session id is stored and I am using Perl. If someone has an example, it is welcome.
Given that a URL has the syntax: <scheme>://<authority><path>?<query>#<fragment> your session id would reside in the <query> portion of the URL.
you can manually modify the query: name1=value1&name2=value2
but make sure that the names and values are URL encoded (some characters are reserved and must be encoded when used in a URL) - use the URI::Escape module to accomplish this.
use the URI module to play with your existing URL, something like this should work:
use strict; use URI; use URI::Escape;
my $session_id = '=12345678&';
my $url = new URI 'http://myserver/script?param1=value1';
$url->query(join '&', $url->query, 'session_id='.uri_escape($session_id));
print $url;
If you have a form based application (using the CGI module) you can append the session id to the form:
$query->append(-name=>'session_id',-values=>[$session_id]);
or use a hidden form field:
print $query->hidden(-name=>'session_id',-default=>[$session_id]);
Having said all that, most people implement a session id via cookies - they are easier to maintain, more difficult to forge and can easily be set to expire, see CGI::Cookie for details.
persitent client state http cookies: http://wp.netscape.com/newsref/std/cookie_spec.html
HTTP state management mechanism RFCs: http://www.ietf.org/rfc/rfc2965.txt http://www.ietf.org/rfc/rfc2109.txt
an introduction to CGI: http://www.w3.org/CGI/
-- Simon Oliver
_______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
