session handling over HTTP

[news.onet.pl]

Hello

I'm biting into the following problem: HTTP is stateless protocol
and thus net languages' designer had to find out session. As
far as I know session handling in any of the language (PHP, JSP, ASP)
is one of the of the following:
- user's IP, but ambiguous
- using cookies, sometimes disregarded due to possibility of turning off
in a browser; no need to control flow of data, checking links
- controlling every link, the uses can follow, to add session ID; this
means putting session ID into any POST/GET request and is
very uncomfortable, if there is no platform support
- any other known ????

Fortunately PHP/JSP/ASP give transparent usage of session, but
in what a way exactly?

If they use POST/GET request, do they browse through the file
and add hidden field to forms and parameter to every link (querystring)?

I wonder because I'm writing simple HTTP server in Java, providing
session handling.

TIA,

Maciej



--
PLEASE NOTE: comp.infosystems.www.authoring.cgi is a
SELF-MODERATED newsgroup. aa.net and boutell.com are
NOT the originators of the articles and are NOT responsible
for their content.

HOW TO POST to comp.infosystems.www.authoring.cgi:
http://www.thinkspot.net/ciwac/howtopost.html

 

[David Dorward]

Fortunately PHP/JSP/ASP give transparent usage of session, but
in what a way exactly?

If they use POST/GET request, do they browse through the file
and add hidden field to forms and parameter to every link (querystring)?

PHP uses cookies, and rewrites all links and forms as a fallback if the
cookie isn't accepted.


--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

--
PLEASE NOTE: comp.infosystems.www.authoring.cgi is a
SELF-MODERATED newsgroup. aa.net and boutell.com are
NOT the originators of the articles and are NOT responsible
for their content.

HOW TO POST to comp.infosystems.www.authoring.cgi:
http://www.thinkspot.net/ciwac/howtopost.html

 

[Malcolm Dew-Jones]

news.onet.pl ([email protected]) wrote:
: Hello

: I'm biting into the following problem: HTTP is stateless protocol
: and thus net languages' designer had to find out session. As
: far as I know session handling in any of the language (PHP, JSP, ASP)
: is one of the of the following:
: - user's IP, but ambiguous

I can't imagine this is ever used.

: - using cookies, sometimes disregarded due to possibility of turning off
: in a browser; no need to control flow of data, checking links
: - controlling every link, the uses can follow, to add session ID; this
: means putting session ID into any POST/GET request and is
: very uncomfortable, if there is no platform support
: - any other known ????

: Fortunately PHP/JSP/ASP give transparent usage of session, but
: in what a way exactly?

They use cookies if they can, and if not then some environments will do
url rewriting. I.e. the server monitors the URLS being sent to clients
and rewrites them to include a session id parameter.

: If they use POST/GET request, do they browse through the file
: and add hidden field to forms and parameter to every link (querystring)?

The server parses the data being sent and modifies some of the urls it
sees.

: I wonder because I'm writing simple HTTP server in Java, providing
: session handling.

Use cookies. It's simple, it works. If a user wants to login then they
will need to accept cookies. That is no different than (for example)
requiring a user to register on a site before they get to post. The user
either does what you ask and gets the functionality, or they choose to not
get the functionality - their choice.

Using cookies today wouldn't stop you from add url rewriting to your
server later on.


--

This space not for rent.

--
PLEASE NOTE: comp.infosystems.www.authoring.cgi is a
SELF-MODERATED newsgroup. aa.net and boutell.com are
NOT the originators of the articles and are NOT responsible
for their content.

HOW TO POST to comp.infosystems.www.authoring.cgi:
http://www.thinkspot.net/ciwac/howtopost.html

 

[mbstevens]

Hello

I'm biting into the following problem: HTTP is stateless protocol
and thus net languages' designer had to find out session. As
far as I know session handling in any of the language (PHP, JSP, ASP)
is one of the of the following:
- user's IP, but ambiguous
- using cookies, sometimes disregarded due to possibility of turning off
in a browser; no need to control flow of data, checking links
- controlling every link, the uses can follow, to add session ID; this
means putting session ID into any POST/GET request and is
very uncomfortable, if there is no platform support
- any other known ????

Fortunately PHP/JSP/ASP give transparent usage of session, but
in what a way exactly?

If they use POST/GET request, do they browse through the file
and add hidden field to forms and parameter to every link (querystring)?

I wonder because I'm writing simple HTTP server in Java, providing
session handling.

TIA,

Maciej

Perl gives you a choice of setting cookies, saving state to a local
file, or creating a self-refernecing URL that preserves state
information.. It is all handled easily and mostly transparentlyby the
module 'CGI.' If you have access to *nix, just do a 'man CGI' for lots
of details.

--
PLEASE NOTE: comp.infosystems.www.authoring.cgi is a
SELF-MODERATED newsgroup. aa.net and boutell.com are
NOT the originators of the articles and are NOT responsible
for their content.

HOW TO POST to comp.infosystems.www.authoring.cgi:
http://www.thinkspot.net/ciwac/howtopost.html