Session management without cookies?

  • Andy Schafer
    Message 1 of 3 , Mar 20, 2007
      Hi,

      I am very new to Perl/CGI but I am working on a simple shopping cart
      system for my website. I am looking for a way to control my session
      management without having to use a cookie. All I need is a way to
      recognize each user just while he/she is at my site and then the cart
      will empty when they leave. I was wondering if there is a way to read
      the user's IP address and use it to save the session until they leave.
      I realize that IP addresses are not a very consistent identifier but
      it won't matter if the IP address is different the next time they come.

      I plan to have a login feature for those that wish to leave and come
      back so I can save their cart contents. But that will be strictly
      voluntary and I will still need a way to keep track of them after they
      log in.

      Is this possible at all? Am I way off track here? Is there a better
      way to achieve this? I really don't want to mess with cookies since so
      many people are shying away from them.

      Thanks for the help
      Andy Schafer
    • Damien Carbery
      Message 2 of 3 , Mar 21, 2007
        --- In perl-beginner@yahoogroups.com, "Andy Schafer"
        <lostgameparts@...> wrote:
        >
        > Hi,
        >
        > I am very new to Perl/CGI but I am working on a simple shopping cart
        > system for my website. I am looking for a way to control my session
        > management without having to use a cookie. All I need is a way to
        > recognize each user just while he/she is at my site and then the cart
        > will empty when they leave. I was wondering if there is a way to read
        > the user's IP address and use it to save the session until they leave.
        > I realize that IP addresses are not a very consistent identifier but
        > it won't matter if the IP address is different the next time they come.
        >
        > I plan to have a login feature for those that wish to leave and come
        > back so I can save their cart contents. But that will be strictly
        > voluntary and I will still need a way to keep track of them after they
        > log in.
        >
        > Is this possible at all? Am I way off track here? Is there a better
        > way to achieve this? I really don't want to mess with cookies since so
        > many people are shying away from them.
        >
        > Thanks for the help
        > Andy Schafer
        >
        Only using the IP address would be very insecure, and useless if
        people use a proxy or NAT router to access your site as you will see
        one IP address for multiple people.

        Look at including the session ID as part of the URL. PHP's session
        handling code uses either cookies or URLs
        (http://www.php.net/manual/en/ref.session.php). I'm sure if there was
        another option then they'd use it.
      • merlyn@stonehenge.com
        Message 3 of 3 , Mar 21, 2007
          >>>>> "Damien" == Damien Carbery <daymobrew@...> writes:

          Damien> Only using the IP address would be very insecure, and useless if
          Damien> people use a proxy or NAT router to access your site as you will see
          Damien> one IP address for multiple people.

          And dangerous if they're coming from AOL and other large nets... every
          hit from an AOL user comes *from* a different address, even within the
          same "page" hit. (Text from .3, image 1 from .5, image 2 from .7, etc.)

          --
          Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
          <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
          Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
          See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
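
The approach suggested in the replies (a session ID carried in the URL instead of keying the cart on the client IP address), as an added example that is not part of the thread. The `sid` parameter name, the function names, the in-memory `%SESSIONS` store and the 30-minute idle limit are all assumptions made for illustration.

```perl
use strict;
use warnings;

my %SESSIONS;               # stand-in for server-side storage (file or DB in a real CGI)
my $IDLE_LIMIT = 30 * 60;   # assumed: seconds of inactivity before a cart is dropped

# 128 bits from the OS CSPRNG, hex-encoded; rand() is guessable and must not be used.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Return the session for this request. An ID we did not issue, or an expired
# one, is never adopted (that would allow session fixation); a fresh one is made.
sub session_for {
    my ($query_string, $now) = @_;
    my ($sid) = ($query_string // '') =~ /(?:^|[&;])sid=([0-9a-f]{32})(?:[&;]|$)/;
    my $s = defined $sid ? $SESSIONS{$sid} : undef;
    if ($s && $now - $s->{seen} > $IDLE_LIMIT) {
        delete $SESSIONS{$sid};
        undef $s;
    }
    if (!$s) {
        $sid = new_session_id();
        $s = $SESSIONS{$sid} = { id => $sid, cart => [] };
    }
    $s->{seen} = $now;
    return $s;
}

# Every internal link must carry the ID, since there is no cookie to do it.
sub link_with_sid {
    my ($path, $s) = @_;
    return $path . ($path =~ /\?/ ? '&' : '?') . "sid=$s->{id}";
}

# Constructed demo: two shoppers behind one NAT address still get separate carts.
my $t     = time;
my $alice = session_for('', $t);
my $bob   = session_for('', $t);
push @{ $alice->{cart} }, 'dice set';
my $again = session_for("item=7&sid=$alice->{id}", $t + 60);
print "alice cart: @{ $again->{cart} }\n";
print "bob cart:   ", scalar @{ $bob->{cart} }, " items\n";
print "next link:  ", link_with_sid('/cart.pl?view=1', $again), "\n";
print "forged sid adopted: ",
    (session_for('sid=' . ('0' x 32), $t)->{id} eq '0' x 32 ? 'yes' : 'no'), "\n";
```

An ID in the URL ends up in server logs, Referer headers and any link a shopper copies to someone else, so the idle limit should stay short and the site should be served over HTTPS.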