[5604] in www-talk@info.cern.ch
access and session control
daemon@ATHENA.MIT.EDU (Dan Aronson)
Thu Sep 15 00:07:34 1994
Date: Thu, 15 Sep 1994 06:00:57 +0200
Errors-To: listmaster@www0.cern.ch
Errors-To: listmaster@www0.cern.ch
Reply-To: dan@wais.com
From: dan@wais.com (Dan Aronson)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Hi,
I've been designing and am about to implement some session control and
access restrictions for some documents served, searched and retrieved via
a web server. This is meant as a stop gap thing until the world has
some for of secure http clients/servers. The basic design is that
all acesses will go through a CGI program. This program will modify any
URL's in documents to ensure the triggering the URL while redirect it's
action via the CGI program. The program will also add some a session key
to the URL. For example, if a document contained the following:
<A HREF=http://foo.bar/baz.html> (where my server is running on foo.bar)
this might be rewritten as:
<A HREF=http://foo.bar/cgi-bin/access?file=baz.html+session_key=SK>
(where SK is the session key which gets passed around)
The web server while keep state associated with the session key.
I assume that similar things have been done. Does anyone have any pointers?
--Dan Aronson dan@wais.com
WAIS Inc
