in reply to Re^2: CGI Authenticaiton
in thread CGI Authenticaiton
HTTP doesn't really give you that many levers to pull on for tracking state between requests; it's either in the headers or in the body. "Encoded into the URL" counts as "headers", "hidden field in a POST" counts as "body", and about the only other thing you have is "cookie", which is a header. And cookie is the only one that the browser itself knows anything about between requests.