CGI session and Cookies.

BSaidus:
Hello.
Me again, I need help on how to use sessions and cookies with a pure CGI program.
So, I have created a custom CGI program, added some code, and I have two web pages,
the login page and the content page.
      - index.cgi
      - login.html
      - content.html.

When a web browser tries to get access to the webserver, by default index.cgi will return login.html to do authentication.
Once the user is authenticated, index.cgi will serve content.html.

The user on the browser side does not know that there are 'login.html, content.html' since they are served by index.cgi.
So, is there any way to code this with sessions and cookies to protect access if the user is not authenticated?

Attached is the code I used, but frankly, it does not work.
The examples in the fcl-web folder do not help.


Thank you.
 

Thaddy:
Relying on cookies is a mistake. The server itself can do that!
Cookies are not necessary to maintain server state and client state, unless you want third parties involved.
I designed and implemented that for a BIG financial institution (RABO) for segments of their network.

Cookies are a hoax. But you can not fight them anymore.
(/dev/null)

BSaidus:

--- Quote from: Thaddy on May 24, 2024, 06:43:45 pm ---Relying on cookies is a mistake. The server itself can do that!
Cookies are not necessary to maintain server state and client state, unless you want third parties involved.
I designed and implemented that for a BIG financial institution (RABO) for segments of their network.

Cookies are a hoax. But you can not fight them anymore.

--- End quote ---

Thank you Thaddy.
OK, no need for cookies. What do you suggest for keeping track?

Thaddy:
Store the IP and compare it to the user credentials. If the IP is a new device, ask for confirmation and add that IP to the list of IPs for the user. The same way you can store user state server side. (It is a bit more complex, but those are the basics.)
I would allow session cookies, but not for financial transactions.

BSaidus:
Thanks, @Thaddy, I've thought about this:

--- Code: ---  ARequest.RemoteAddr;
--- End code ---

You confirmed my thought.

Thanks.
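
Added example, not code from the thread: a minimal server-side session gate for the index.cgi flow described above. Sessions are keyed by a random id carried in an HttpOnly cookie, and the client address discussed above is stored as a secondary check. It is written in Python against the standard CGI variables HTTP_COOKIE and REMOTE_ADDR; the cookie name sid, the temporary session directory, the 900-second idle limit and all function names are assumptions.

```python
import os, re, secrets, tempfile, time

# Assumption: a real deployment uses a fixed 0700 directory outside the web root.
SESSION_DIR = tempfile.mkdtemp(prefix="cgi-sess-")
MAX_IDLE = 900                              # seconds; constructed value
SID_RE = re.compile(r"[0-9a-f]{64}")        # also keeps the id safe as a file name

def start_session(user, addr):
    """Call only after the login form's credentials have been verified."""
    sid = secrets.token_hex(32)             # 256 random bits, unguessable
    fd = os.open(os.path.join(SESSION_DIR, sid),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{user}\n{addr}\n")
    header = f"Set-Cookie: sid={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"
    return sid, header

def sid_from_cookie(header):
    """Extract a well-formed 'sid' value from the HTTP_COOKIE string."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid" and SID_RE.fullmatch(value):
            return value
    return None

def session_user(environ, now=None):
    """Return the logged-in user for this request, or None."""
    sid = sid_from_cookie(environ.get("HTTP_COOKIE", ""))
    if sid is None:
        return None
    path = os.path.join(SESSION_DIR, sid)
    try:
        idle = (now or time.time()) - os.path.getmtime(path)
        with open(path) as f:
            user, addr = f.read().splitlines()[:2]
    except (OSError, ValueError):
        return None                         # unknown or damaged session
    if idle > MAX_IDLE or addr != environ.get("REMOTE_ADDR"):
        os.remove(path)                     # expired or address changed: drop it
        return None
    os.utime(path)                          # activity restarts the idle timer
    return user

def page_for(environ):
    """What index.cgi should serve for this request."""
    return "content.html" if session_user(environ) else "login.html"

if __name__ == "__main__":
    print("Content-Type: text/plain\n")
    print(page_for(os.environ))
```

The Secure attribute assumes the site is served over HTTPS; without it the session id travels in clear text.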
