Hi Tim -- > I'm developing an employee time tracking app with > CGI::Application. The first run mode will be a login screen. > After login, the options available in each run mode will be > dependent on the user's permissions. What is the best way to do > this kind of session tracking with CGI::App? I want to stay away > from cookies if possible for several reasons. Your first question was "what is the best way to do this kind of session tracking with CGI::App?" My general answer is: Don't! Do authentication and authorization in the web server (as an Apache handler, if you're running Apache). If you're set on doing authentication in CGI-App you're going to find it very difficult to do session management without cookies. There are only two ways to do session management without cookies that I can think of: URL-encoded session IDs or "basic auth". URL-encoded session IDs basically involve each user being initially redirected to a special URL through which all subsequent requests rely. For instance: http://my.site/myapp.pl/q32543fghjfkuf67547/ In this case, "q32543fghjfkuf67547" would be the session ID. You could pick it up from PATH_INFO or a query argument. I've illustrated how this might be implemented in the application layer (as a "CGI"), but this system is far more efficient as an Apache handler via mod_perl. If you want to use "basic auth" you have to use a Apache handler. You cannot write a low-level authentication system without getting into the guts of Apache. For both of these solutions there are modules on CPAN. However, if it was up to me I would go with a simpler, more functional authentication system which uses cookies, and is written as an Apache handler. Warmest regards, -Jesse- -- Jesse Erlbaum The Erlbaum Group suppressed Phone: 212-684-6161 Fax: 212-684-6226 --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/suppressed/ To unsubscribe, e-mail: suppressed For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.