Reasonable cgi session skeleton?

I fear there might be a deep bug
in my mental model of cgi and sessions.

To begin with, I find it difficult to debug Ruby cgi
scripts on my local server (OmniHTTPd under Windows).
If the browser (Opera 6.04) dislikes something, I do
not get any usable diagnostics.

I am using a cgi script that calls itself (method
POST) and I am trying to
be able to switch between past sessions or to create
new sessions, i.e. to maintain state.

Also, I find it hard to know what and when to escape
and/or unescape when I want
to save and recall composite items.

Probably someone has already put together a perfect
example of session management that goes beyond the
example in the Pickaxe book, from which I could learn.

I’ve been told that the PHP enthusiasts have got it
all solved perfectly, but I hope I need not dig into
that.

There is a shopping cart example in
“CGI Programming with Perl, Chapter 11, Maintaining
State”, which probably answers part of my questions
for Perl CGI scripts, but it looks very bulky.
In Ruby, there ought to be something very simple for a
basic session pattern.

Any suggestions?

Jan


Jan,

> Probably someone has already put together a perfect example of
> session management that goes beyond the example in the Pickaxe book,
> from which I could learn.

This is a snippet from some code that I wrote a while ago to do session
management. I don’t know if it’s “perfect”, but it seems to do exactly
what I want, and is generic in application.

We create a new session if the user doesn’t have one and we just
performed a successful “login”, and store some information (a
timestamp and a username). Otherwise we take the existing session,
assuming it hasn’t expired.


```ruby
require "cgi/session"

# [ … further down… ]

# Die if we don't have a cookie and we're not logging in.
if(cgi.cookies.empty? && cgi['request'][0] != 'dologin')
  showhtml(cgi, "login.tmpl", { "warning" => "You are not logged in." })
  exit
else
  if(cgi['request'][0] != 'dologin')
    # Read an existing session
    sess = CGI::Session.new(cgi,
                            "session_key" => "my_session",
                            "prefix" => "my_session.",
                            "new_session" => false)
    # Note that setting "new_session" => false means that we will NOT
    # create a new session, just re-use any existing session the user has.

    # Make sure the session isn't older than 15 minutes.
    if((Time.now.to_i - sess['timestamp'].to_i) > 900 || ! sess['timestamp'])
      showhtml(cgi, "login.tmpl", { "warning" => "Your session has expired. Please log in again." })
      exit
    end
    sess['timestamp'] = Time.now.to_i
  end
end

# [ …further down, processing successful login information ]
if(authenticate(cgi['user'][0], cgi['passwd'][0]))
  sess = CGI::Session.new(cgi,
                          "session_key" => "my_session",
                          "prefix" => "my_session.",
                          "new_session" => true)
  # Here we set "new_session" => true, to create a new session. Probably
  # unnecessary, but it never hurts to be explicit.
  sess['user'] = cgi['user'][0]
  sess['timestamp'] = Time.now.to_i
  front_page(cgi['user'][0])
else
  httperr(cgi, "Login Incorrect")
end
```

HTH,

Dan

/^Dan Debertin$/
airboss@nodewarrior.org
www.nodewarrior.org
ignorami: n:
The art of folding problem users into representational shapes.
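
The lifecycle described in the reply above (a fresh session on successful login, reuse of an existing one otherwise, and a 15-minute idle expiry), as an added example that is not part of the original thread or Dan's code. `SessionTable` and its methods are hypothetical names, and an in-memory hash stands in for `CGI::Session` storage so the logic runs without a web server.

```ruby
require "securerandom"

# Hypothetical in-memory stand-in for CGI::Session's storage, so the
# login / reuse / expiry lifecycle can be exercised without a web server.
class SessionTable
  IDLE_LIMIT = 900 # seconds: the 15-minute window used in the post

  # The clock is injectable so expiry can be tested deterministically.
  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @rows = {}
  end

  # Successful login: always mint a fresh random id and drop whatever id
  # the browser presented, so a pre-login id never becomes authenticated.
  def login(user, presented_id = nil)
    @rows.delete(presented_id)
    id = SecureRandom.hex(16)
    @rows[id] = { "user" => user, "timestamp" => @clock.call }
    id
  end

  # Returns the user for a live session and refreshes its timestamp.
  # Returns nil for unknown ids, and destroys idle-expired rows server-side.
  def touch(id)
    row = @rows[id]
    return nil unless row
    now = @clock.call
    if now - row["timestamp"] > IDLE_LIMIT
      @rows.delete(id)
      return nil
    end
    row["timestamp"] = now
    row["user"]
  end

  # Explicit logout: true if a session was actually removed.
  def logout(id)
    !@rows.delete(id).nil?
  end
end

if __FILE__ == $PROGRAM_NAME
  now = 1_000_000 # constructed clock value, not real time
  table = SessionTable.new(clock: -> { now })
  sid = table.login("jan")
  now += 600
  p table.touch(sid) # inside the window, timestamp refreshed
  now += 901
  p table.touch(sid) # idle longer than IDLE_LIMIT
end
```
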