473,320 Members | 1,862 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Session tracking

I'm writing a rough draft of a suite of small Perl apps that will,
combined, serve as a web site's user sign-up, login, management, and
customized content engine.

I'm having trouble with the concept of one particular part of the
"application" (as it were) - session tracking. Perl itself is handling
user authentication (since I've no idea how Perl could "ask" the server
who just authenticated to htaccess), so the login script will have an
idea for who is "logged in" - but the nature of the web being
connectionless, scripts any further down the line will not have this same
information.

Hence, the idea of a session - I need to store some kind of information
somewhere (in a MySQL database, in this case) that I can reference, any
time that same user clicks another link, so that:

A) The user doesn't have to continually re-authenticate, of course, and,

B) Any pages (scripts) the user visits which deliver content specific to
that user will actually know who the user is.

I have an inkling of how some pages on the web already do this. They
might,

1) Identify the remote host by IP address ("user Joe is logged on at IP
x.x.x.x"). This approach doesn't seem very realistic, though, since
proxies / NAT can make the meaning of "IP address" ambiguous.

2) Assign a session ID (some arbitrary number) to the client, and store
it as a cookie on the client's machine. Unfortunately, not everyone
accepts cookies.

3) Mangle (via script) all URLs on any page the client visits, so that
they include a parameter including a session ID.

In any of these cases, a sessions table (in my db) would cross-reference
the key (IP address / session ID / whatever) with the user id, idle time,
etc., so that any Perl script will always be able to tell "who" is
talking to it.

These are just ideas I imagined - I haven't done any research. (Well,
this is my research.) I don't like (1) or (2) very much, and (3) seems
like a lot of overhead (and URLs that aren't very pretty to look at).

Could anyone give me feedback on other methods I'm not thinking of? Or if
any of the three above really is the de facto standard?

Thanks in advance.
Jul 19 '05 #1
2 5448
David Frauzel <net.weathersongATnemo> wrote in
news:04******************************@news.teranew s.com:
1) Identify the remote host by IP address ("user Joe is logged on at
IP x.x.x.x"). This approach doesn't seem very realistic, though, since
proxies / NAT can make the meaning of "IP address" ambiguous.

2) Assign a session ID (some arbitrary number) to the client, and
store it as a cookie on the client's machine. Unfortunately, not
everyone accepts cookies.

3) Mangle (via script) all URLs on any page the client visits, so that
they include a parameter including a session ID.


I just found a likely number (4) - CGI::Session. I'm reading the docs on
it, and it looks promising. Anyone have real-world experience with this who
could recommend it or name its disadvantages? (The major question I've got
is that, being server-based, is it contingent on the web server software
I'm running?)
Jul 19 '05 #2
If you are using Apache as the web server be sure to check out
the apache modules that deal with session management. Don't waste time
writing
your own. This is a well known requirement and lot of development has been
done
on this. Same goes for authentication

See http://perl-md5-login.sourceforge.net/ for good authentication module

Ashish Desai
(Fidelity; UIC)
"David Frauzel" <net.weathersongATnemo> wrote in message
news:04******************************@news.teranew s.com...
I'm writing a rough draft of a suite of small Perl apps that will,
combined, serve as a web site's user sign-up, login, management, and
customized content engine.

I'm having trouble with the concept of one particular part of the
"application" (as it were) - session tracking. Perl itself is handling
user authentication (since I've no idea how Perl could "ask" the server
who just authenticated to htaccess), so the login script will have an
idea for who is "logged in" - but the nature of the web being
connectionless, scripts any further down the line will not have this same
information.

Hence, the idea of a session - I need to store some kind of information
somewhere (in a MySQL database, in this case) that I can reference, any
time that same user clicks another link, so that:

A) The user doesn't have to continually re-authenticate, of course, and,

B) Any pages (scripts) the user visits which deliver content specific to
that user will actually know who the user is.

I have an inkling of how some pages on the web already do this. They
might,

1) Identify the remote host by IP address ("user Joe is logged on at IP
x.x.x.x"). This approach doesn't seem very realistic, though, since
proxies / NAT can make the meaning of "IP address" ambiguous.

2) Assign a session ID (some arbitrary number) to the client, and store
it as a cookie on the client's machine. Unfortunately, not everyone
accepts cookies.

3) Mangle (via script) all URLs on any page the client visits, so that
they include a parameter including a session ID.

In any of these cases, a sessions table (in my db) would cross-reference
the key (IP address / session ID / whatever) with the user id, idle time,
etc., so that any Perl script will always be able to tell "who" is
talking to it.

These are just ideas I imagined - I haven't done any research. (Well,
this is my research.) I don't like (1) or (2) very much, and (3) seems
like a lot of overhead (and URLs that aren't very pretty to look at).

Could anyone give me feedback on other methods I'm not thinking of? Or if
any of the three above really is the de facto standard?

Thanks in advance.

Jul 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: marslee | last post by:
I am a php newbie. I would like to count how many times a user visit a webpage. I know session tracking should be used, but where i put the code? Is it inside the html that the user visit? ...
4
by: Adil Akram | last post by:
I've developed a shopping cart app in ASP, to secure transaction by SSL, it 've put only the checkout page in SSL but all other pages i.e. product, cart etc remains on non SSL connection. How can I...
1
by: James | last post by:
Hello, I'm designing an online shopping cart using ASP. I want the flexibility of session tracking by using URL rewriting but I don't know how I would go about this. I'd like to know how I...
6
by: Patrick Olurotimi Ige | last post by:
I'm tracking usersOnline by adding this code below in my Global.asax file.But i noticed that when a user logs in it keeps adding a new user which thats fine..but when a user logs of it still...
0
by: user2008 | last post by:
Hi all, My application tracking visitor by save several information once in Session_Start global event then store recorded row ID in session variable. Unfortunately, in Session_End global event,...
9
by: Sullivan WxPyQtKinter | last post by:
I do not want to use Cookies in my site since not all web browser support it well and sometimes people close cookie functioning for security reasons. I tried to add hidden field with a sessionID...
0
by: uraanu | last post by:
I am having an issue with sessions and httphandlers. I have some tracking information that I am passing in my url as folders (ie: www.mysite.com/info1/44/info2/55/mypage.aspx) which I am capturing...
43
by: davidkoree | last post by:
I mean not about cookie. Does it have something to do with operating system or browser plugin? I appreciate any help.
0
by: krishna81m | last post by:
Could some one please explain why the session is not being maintained when I am doing a forward in a servlet after setting a cookie. I am even unable to set session attributes or parameters and...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.