Job with sessions in perl

The mechanism of sessions gives us a remarkable opportunity of storage of any data between sessions of the user. Besides on the basis of sessions it is possible to organize identification of users.

Data storage in sessions more reliably both from the point of view of safety, and from the point of view of correctness of job, than storage in kukakh (cookies). Why? For job with session from the user it is required to receive only the identifier of session, all data are stored{kept} on the server and get out on the identifier. In a case cookies the browser of the user should « carry all with itself » and pass each time when it is required. Besides, the user can forbid in general reception kuk.

Opportunities for job with sessions are in many widespread languages - Perl, PHP. In my opinion, Java too gives such opportunity, but I never communicated with her, so I can not precisely say. To me is more habitual Perl so I shall lean{base} on him .

In language Perl job with sessions is realized with the help of module CGI:: Session which can be found on CPAN Search. This module gives some ways of a data storage: files (CGI:: Session:: File), Berkeley DB (CGI:: Session:: DB_File) and MySQL (CGI:: Session:: MySQL). I shall speak about a case with storage in files.

As usually it occurs in Perl, There's More Than One Way To Do It. To work with CGI:: Session it is possible in two ways:

?         OO-style;

?         Connected khehshi.

Let's consider both ways. In the first case the object $session is created:

my $session = new CGI:: Session:: File ($sid, {Directory => "sessions"});

Parameter Directory sets the catalogue on a disk where files with the data of session will be located; $sid - the identifier of session.

The second way (connected khehshi) looks as follows:

tie %session, " CGI:: Session:: File ", $sid, {Directory => "sessions"};

Now the given sessions will be accessible in khehshe %session as pairs "key / value".

The identifier of session can be passed or through kuki, or as parameter by a call of a script.

use CGI qw/:standard/;

use CGI:: Session:: File;

my $sid = param (' sid ') || cookie (' sid ') || undef;

If value $sid appears uncertain, that is the identifier has not been transferred{handed}, we can generate his  means of the same CGI:: Session:

my $sid = $session-> id; * OO-style

my $sid = $session {_session_id}; * tied hash

The premise{room} of the data in session and extraction of them is done{made} as follows:

* We shall bring to session in new parameter

$session-> param ("param_name", $param_value); * OO-style

$session {param_name} = $param_value; * tied hash

* Now we shall take his  value my $new_param_value = $session-> param ("param_name"); * OO-style

my $new_param_value = $session {param_name}; * tied hash

As you can see, all is simple enough. Certainly, through sessions I to do{make} authorization of users did not become{begin}, but identification without checks of passwords, logins and other sekurnoj information, storage of special security measures of the data not demanding acceptance is made quite normally.

Example of identification of the user:

*!/usr/bin/perl-w

use CGI qw/:standard/;

use CGI:: Session:: File;

use strict;

my %session;

my $sid = param (' SID ') || cookie (' SID ') || undef;

tie %session, " CGI:: Session:: File ", $sid, {Directory => "sess"};

unless (defined $sid) {

$sid = $session {_session_id};

my $user_name = "Anonymous";

} else {

my $user_name = $session {user_name};

}

print header,

start_html,

h1 (" Hello, $user_name! "),

end_html;

untie %session;