Re: (fongsaiyuk) info from one page to another.

in reply to info from one page to another.

In addition to passing hidden form elements between pages and potentially employing some of merlyn's above mentioned techniques, you might consider session management through the use of Apache::Session.

Granted this is a server-based session-management solution and requires the installation of Apache webserver and mod_perl (optionally MySQL or PostgreSQL), so YMMV.

Just throw in a Web application development framework like HTML::Mason or Text::Template and you too could be the next amazon.com!!!! :) see princepawn's node for some framework starting points...

<tip>When using server-based session management, instead of storing lots of user data in the session consider storing only the row id from the user's login profile in the session. That way with one quick query to the database on a page reload you have all the user profile information. There are of course pros and cons to this, but for some applications such a technique would be desirable. </tip>

Comment on Re: (fongsaiyuk) info from one page to another.

Replies are listed 'Best First'.
Re: Re: (fongsaiyuk) info from one page to another. by salvadors (Pilgrim) on Jan 01, 2001 at 21:08 UTC
<tip> When using server-based session management, instead of storing lots of user data in the session consider storing only the row id from the user's login profile in the session. That way with one quick query to the database on a page reload you have all the user profile information.</tip> This tip is particularly important to bear in mind if you're at all security conscious. It isn't particularly hard to manipulate session data, whether it's munged in the URL, or in a cookie, or wherever. If the only piece of information there is an ID that points to the real data, it's a lot harder to set that data. This of course means that you shouldn't use autoincremented values for this ID, unless you don't mind someone deciding that they'd rather be user 123143 instead of 124124. I've come across quite a few major ecommerce websites (including large public companies) who had URLs along the lines of http::www.wherever.com/cgi-bin/view_return?id=1233 to let you see the details of your return, and who would quite happily let you see the details of return 1232, 1231 etc as well... Tony	[reply]

Replies are listed 'Best First'.

Re: Re: (fongsaiyuk) info from one page to another.
by salvadors (Pilgrim) on Jan 01, 2001 at 21:08 UTC

<tip> When using server-based session management, instead of storing lots of user data in the session consider storing only the row id from the user's login profile in the session. That way with one quick query to the database on a page reload you have all the user profile information.</tip>

This tip is particularly important to bear in mind if you're at all security conscious. It isn't particularly hard to manipulate session data, whether it's munged in the URL, or in a cookie, or wherever. If the only piece of information there is an ID that points to the real data, it's a lot harder to set that data.

This of course means that you shouldn't use autoincremented values for this ID, unless you don't mind someone deciding that they'd rather be user 123143 instead of 124124.

I've come across quite a few major ecommerce websites (including large public companies) who had URLs along the lines of http::www.wherever.com/cgi-bin/view_return?id=1233 to let you see the details of your return, and who would quite happily let you see the details of return 1232, 1231 etc as well...

Tony

[reply]

In Section Seekers of Perl Wisdom