Jim,
My recommendation is to write a session file on your server and pass the session
id around with
the browser variables. Now whether you use cookies, get or post to pass the session
id, you don't
have to be passing the actual username. If you don't want to have the user see the
session id, put
it in a cookie, and check to see if the cookie was created, if not, then send it via a
form with
post. If you want to be really sneaky about it, get your session id, then encrypt the
id before
giving it to the individual, so if they modify it, the decrypted version of what they
pass back will
not only not match theirs, but it cant match any one else's session id because it
likely will not
translate into a valid session id format.
Good Luck,
David
----- Original Message -----
From: "Jim Lundeen" <[EMAIL PROTECTED]>
To: "begin begin" <[EMAIL PROTECTED]>
Sent: Monday, July 29, 2002 6:06 PM
Subject: Post to a second CGI script
Hello All,
I have 2 scripts. One accepts 3 values LOGIN_USERNAME, LOGIN_PASSWORD
and ACTION from an HTML form. That script looks in a user table in
MySQL to verify the user. If valid, it passes them to MENU.CGI with
LOGIN_USERNAME and a unique session number (USN).
Here's the question: How to I "post" the LOGIN_USERNAME and USN to the
MENU.CGI script? I don't want the user "carrying" the info around in
the "Location" bar as "?USN=1234&LOGIN_USERNAME=somebody" -- I want it
to be part of the user's Perl process if you know what I mean, so that
if they hit RELOAD the values are still with them. Too, I don't want
someone trying to modify the info if it were in the "Location" bar, so
it needs to be a part of the "post."
Any advice would be much appreciated!
Thanks!
Jim
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
