[3883] in WWW Security List Archive
Re: Maintaining state with CGI
daemon@ATHENA.MIT.EDU (Bob Jernigan)
Sun Dec 22 14:34:45 1996
From: jern@spaceaix.jhuapl.edu (Bob Jernigan)
To: jwp@r2systems.com (John W Pierce)
Date: Sun, 22 Dec 1996 12:37:07 -0500 (EST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <01BBEF92.7880EF00@jwp5.extern.ucsd.edu> from "John W Pierce" at Dec 21, 96 10:58:15 pm
Errors-To: owner-www-security@ns2.rutgers.edu
Re: discussion on maintaining state without cookies.
I guess there are many ways to do this. Since we have an Intranet
application and some control of the browsers used, we require that
all applications needing state have frame capability. Our database
maintenance pages have a hidden frame where state information is
maintained. A second hidden frame is used for communication
to the database. Our Oracle module for Apache puts state information
in the <head><script> part of the page. Javascript can retrieve
that information and change page content to display information
from that frame.
For example, one area of the page displays a transparent gif. When
an update is submitted, the gif is changed to inform user that
update is in progress. If successful, a "success" gif in then
placed on the page. If the database update fails, a "failure" gif
is displayed. The frame will contain the error messages that can
be processed.
This is much easier for the used because the displayed page isn't changing
with every click. You only need to change content as state changes
occur.
bob jernigan
JHU/APL
