
Author Topic: CGI session and Cookies.  (Read 1569 times)

BSaidus

  • Hero Member
  • *****
  • Posts: 596
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
CGI session and Cookies.
« on: May 24, 2024, 04:52:27 pm »
Hello.
Me again; I need help on how to use sessions and cookies with a pure CGI program.
So, I have created a custom CGI program, added some code, and I have two web pages,
the login page and the content page.
      - index.cgi
      - login.html
      - content.html.

When a web browser tries to access the web server, by default index.cgi will return login.html to do authentication.
Once the user is authenticated, index.cgi will serve content.html.

The user on the browser side does not know that there are 'login.html, content.html', since they are served by index.cgi.
So, is there any way to code this with sessions and cookies to protect access if the user is not authenticated?

Attached is the code I used, but frankly, it does not work.
The examples in the fcl-web folder do not help.


Thank you.
 
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

Thaddy

  • Hero Member
  • *****
  • Posts: 16174
  • Censorship about opinions does not belong here.
Re: CGI session and Cookies.
« Reply #1 on: May 24, 2024, 06:43:45 pm »
Relying on cookies is a mistake. The server itself can do that!
Cookies are not necessary to maintain server state and client state, unless you want third parties involved.
I designed and implemented that for a BIG financial institution (RABO) for segments of their network.

Cookies are a hoax. But you can not fight them anymore.
(/dev/null)
« Last Edit: May 24, 2024, 06:46:40 pm by Thaddy »
If I smell bad code it usually is bad code and that includes my own code.

BSaidus

  • Hero Member
  • *****
  • Posts: 596
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: CGI session and Cookies.
« Reply #2 on: May 24, 2024, 06:46:29 pm »
> Relying on cookies is a mistake. The server itself can do that!
> Cookies are not necessary to maintain server state and client state, unless you want third parties involved.
> I designed and implemented that for a BIG financial institution (RABO) for segments of their network.
>
> Cookies are a hoax. But you can not fight them anymore.

Thank you Thaddy.
OK, no need for cookies; what do you suggest for keeping track?
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

Thaddy

  • Hero Member
  • *****
  • Posts: 16174
  • Censorship about opinions does not belong here.
Re: CGI session and Cookies.
« Reply #3 on: May 24, 2024, 06:50:06 pm »
Store the IP and compare it to the user credentials. If the IP is a new device, ask for confirmation and add that IP to the list of IPs for the user. The same way you can store user state server side. (It is a bit more complex, but those are the basics.)
I would allow session cookies, but not for financial transactions.
« Last Edit: May 24, 2024, 06:52:06 pm by Thaddy »
If I smell bad code it usually is bad code and that includes my own code.

BSaidus

  • Hero Member
  • *****
  • Posts: 596
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: CGI session and Cookies.
« Reply #4 on: May 24, 2024, 06:56:51 pm »
Thanks, @Thaddy, I've thought about this:
Code:
  ARequest.RemoteAddr;
You confirmed my thought.

Thanks.
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!
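
The known-address check outlined in Reply #3, fed with the value named in Reply #4, as an added example that is not code from this thread or from fcl-web. `Store`, the function names and the sample addresses are assumptions standing in for whatever server-side storage the CGI program uses; in the CGI handler `Addr` would be `ARequest.RemoteAddr`.

```pascal
program KnownDeviceCheck;
{$mode objfpc}{$H+}
uses
  Classes;

type
  TAccessDecision = (adDenied, adNeedsConfirmation, adAllowed);

// Store maps user -> comma-separated addresses (assumed stand-in for a
// server-side file or table). Empty or comma-bearing input is never "known".
function IsKnownAddr(Store: TStrings; const User, Addr: string): Boolean;
begin
  Result := (Addr <> '') and (Pos(',', Addr) = 0) and
    (Pos(',' + Addr + ',', ',' + Store.Values[User] + ',') > 0);
end;

// Call only after the user has confirmed the new device.
procedure RememberAddr(Store: TStrings; const User, Addr: string);
begin
  if (Addr = '') or (Pos(',', Addr) > 0) or IsKnownAddr(Store, User, Addr) then
    Exit;
  if Store.Values[User] = '' then
    Store.Values[User] := Addr
  else
    Store.Values[User] := Store.Values[User] + ',' + Addr;
end;

function Decide(Store: TStrings; const User, Addr: string;
  CredentialsOk: Boolean): TAccessDecision;
begin
  if not CredentialsOk then
    Result := adDenied  // a known address never replaces the credential check
  else if IsKnownAddr(Store, User, Addr) then
    Result := adAllowed
  else
    Result := adNeedsConfirmation;
end;

const
  Names: array[TAccessDecision] of string =
    ('denied', 'confirm new device', 'allowed');
var
  Store: TStringList;
begin
  Store := TStringList.Create;
  try
    Store.Values['alice'] := '192.0.2.10';  // constructed sample data
    WriteLn(Names[Decide(Store, 'alice', '192.0.2.10', True)]);
    WriteLn(Names[Decide(Store, 'alice', '198.51.100.7', True)]);
    RememberAddr(Store, 'alice', '198.51.100.7');
    WriteLn(Names[Decide(Store, 'alice', '198.51.100.7', True)]);
    WriteLn(Names[Decide(Store, 'alice', '192.0.2.10', False)]);
  finally
    Store.Free;
  end;
end.
```

The address is consulted only after the credentials pass, so it works as an extra signal and never grants access by itself; clients behind one NAT gateway share an address.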

Thaddy

  • Hero Member
  • *****
  • Posts: 16174
  • Censorship about opinions does not belong here.
Re: CGI session and Cookies.
« Reply #5 on: May 24, 2024, 07:29:17 pm »
There is some nifty code to create one-time pass in trunk. Compatible with Google and MS one time pass.
You are more than the average programmer, so I know you understand this,
« Last Edit: May 24, 2024, 07:32:49 pm by Thaddy »
If I smell bad code it usually is bad code and that includes my own code.

BSaidus

  • Hero Member
  • *****
  • Posts: 596
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: CGI session and Cookies.
« Reply #6 on: May 26, 2024, 07:20:54 pm »
Thank you @Thaddy.
I'll try to search.
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

 
