Cookie Based SID
A cookie based session has the advantage that it lasts until the cookie expires and, as only the SID travels the net, it is faster and safer. The disadvantage is that the client must have cookies enabled.
The only thing particular about the cookie used to set a session is its value. The hash of the server time makes a unique SID for each session:

    sid = sha.new(repr(time.time())).hexdigest()

The complete script:

    #!/usr/bin/env python
    import sha, time, Cookie, os

    cookie = Cookie.SimpleCookie()
    string_cookie = os.environ.get('HTTP_COOKIE')

    # If new session
    if not string_cookie:
        # The sid will be a hash of the server time
        sid = sha.new(repr(time.time())).hexdigest()
        # Set the sid in the cookie
        cookie['sid'] = sid
        # Will expire in a year
        cookie['sid']['expires'] = 12 * 30 * 24 * 60 * 60
    # If already existent session
    else:
        cookie.load(string_cookie)
        sid = cookie['sid'].value

    print cookie
    print 'Content-Type: text/html\n'
    print '<html><body>'

    if string_cookie:
        print '<p>Already existent session</p>'
    else:
        print '<p>New session</p>'

    print '<p>SID =', sid, '</p>'
    print '</body></html>'

On every page the existence of the cookie must be tested. If it does not exist, redirect to a login page, or simply create it if neither a login nor a previous state is required.
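
The script above derives the SID from the server clock alone, which anyone who can estimate the session's creation time can guess, and it accepts whatever sid value the client sends back. The following is an added example, not part of the original tutorial and written for Python 3 rather than the Python 2 used above: it draws the SID from the operating system's random source, accepts a returned SID only if this server issued it, and sets the cookie with the HttpOnly, Secure and SameSite attributes. The names resolve_session and active_sids, and the in-memory set standing in for a session store, are assumptions made for the example.

```python
import re
import secrets
from http.cookies import CookieError, SimpleCookie

SID_RE = re.compile(r"[0-9a-f]{64}")   # shape of secrets.token_hex(32)
MAX_AGE = 12 * 30 * 24 * 60 * 60       # same one-year lifetime as the script above


def resolve_session(http_cookie, active_sids):
    """Return (sid, is_new, set_cookie_header) for one request.

    http_cookie: raw HTTP_COOKIE value, or None when the client sent none
    active_sids: hypothetical server-side set of SIDs this server has issued
    """
    sid = None
    if http_cookie:
        jar = SimpleCookie()
        try:
            jar.load(http_cookie)
        except CookieError:
            jar = SimpleCookie()       # malformed header: treat as no cookie
        if "sid" in jar:
            candidate = jar["sid"].value
            # Accept only a well-formed SID that this server actually issued.
            if SID_RE.fullmatch(candidate) and candidate in active_sids:
                sid = candidate
    if sid is not None:
        return sid, False, None

    # No usable SID: issue a fresh 256-bit value from the OS CSPRNG.
    sid = secrets.token_hex(32)
    active_sids.add(sid)
    out = SimpleCookie()
    out["sid"] = sid
    out["sid"]["max-age"] = MAX_AGE
    out["sid"]["path"] = "/"
    out["sid"]["httponly"] = True      # not readable from page scripts
    out["sid"]["secure"] = True        # sent over HTTPS only
    out["sid"]["samesite"] = "Lax"     # attribute supported from Python 3.8
    return sid, True, out.output()
```

A CGI script would call resolve_session(os.environ.get('HTTP_COOKIE'), store) and print the returned header, when it is not None, before the Content-Type line.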