[EMAIL PROTECTED] writes:
> I was just wondering if / how would it be possible to create secure
> sessions for a website using Python CGI... I thought of using cookies,
> and things looked promising for a while; I could login through a form
> which pointed to a cgi script which created sent the user cookies,

Yes, that's the usual way: send a cookie containing either the session ID or the session data, and read it back on the server side. Be very careful about what you put in the cookie: if it's a session ID, it should be a long random string, not a session number like 37 (if you use consecutive numbers, someone can change their number and take over someone else's session). If it's more complex session data, validate it carefully on the server side, maybe by authenticating it with something like the hmac module.

-- 
http://mail.python.org/mailman/listinfo/python-list
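
Both options from the reply above, as an added example that is not part of the original post: a random session ID, and session data authenticated with the hmac module. The names `SERVER_KEY`, `new_session_id`, `sign_session` and `verify_session` are assumptions made for this sketch, and it relies on the `secrets` module from current Python 3.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed key for this example; a real site loads a fixed key from server-side config.
SERVER_KEY = secrets.token_bytes(32)


def new_session_id() -> str:
    """Option 1: an opaque, unguessable ID; the session data itself stays on the server."""
    return secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG


def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def sign_session(data: dict, key: bytes = SERVER_KEY) -> str:
    """Option 2: session data carried in the cookie, authenticated with HMAC-SHA256."""
    payload = json.dumps(data, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)


def verify_session(cookie: str, key: bytes = SERVER_KEY):
    """Return the session dict, or None if the cookie is malformed or was altered."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64.encode("ascii"))
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except (ValueError, UnicodeEncodeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Check the tag before parsing the payload, and compare in constant time.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)
```

The HMAC tag only authenticates the cookie; the payload is still readable by the client, so nothing secret belongs in it.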