September 12th, 2000

One step forward!

The login code is giving me a fight but I'm doing it all without depending on cookies and with the verification of the right REQUEST_METHOD and HTTP_REFERER to ensure that there are no side holes by which someone might try to get in.....

In reality, the login CGI is a "huge" state machine and once entered is always calling itself on each login/password submit until a valid login/password is entered and a session is created or the max number of tries is reached and the user is sent back to the initial application screen and the appropriate error message is written into the application log.....

Out to have a coffee and rest my eyes a little.
Back to continue in a short while!
  • Current Mood
    excited

Here, again!

Here again to continue with this programming work....

While I was out, it occurred to me that as soon as this login/session management is ready, I'll have an important Lego piece for other systems and programs.

The major drawback of the WWW architecture is also its strength in certain areas.... It is a stateless protocol so every request to the server and its response is, really, a closed issue. Unless someone devises a way to make information persist between request/answer transactions.

And as every event normally starts with the browser intervention, that also imposes some restrictions and a lot more complexity to a program/application on the server side.

But this promises.
As soon as I have this application ready and I can have a little time left, I'll start applying this login/session management to other things as well.
  • Current Mood
    geeky
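
An added example, not the author's code: a minimal Python sketch of the cookie-less login state machine the two entries describe, with the state carried between requests by a hidden form field. The names handle, flows, sessions, MAX_TRIES and LOGIN_URL, the sample account and the limit of 3 tries are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets

MAX_TRIES = 3                                    # assumed limit; the post gives no number
LOGIN_URL = "https://app.example/cgi-bin/login"  # hypothetical URL of the login CGI

def pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"alice": pw_hash("correct horse")}      # constructed sample account

def handle(env, form, flows, sessions, log):
    """One CGI invocation: returns (next_screen, hidden_fields_for_that_screen)."""
    if env.get("REQUEST_METHOD") != "POST":
        # State START: issue a random flow token; the try counter stays server-side.
        flow = secrets.token_urlsafe(16)
        flows[flow] = 0
        return "login_form", {"flow": flow}
    # HTTP_REFERER is sent by the client, so this is only a sanity check.
    if env.get("HTTP_REFERER", "").split("?")[0] != LOGIN_URL:
        log.append("rejected: unexpected referer")
        return "start", {}
    flow = form.get("flow", "")
    if flow not in flows:
        # Unknown or already retired token: this is the real binding between requests.
        log.append("rejected: unknown flow token")
        return "start", {}
    user = form.get("login", "")
    candidate = pw_hash(form.get("password", ""))  # always computed, even for unknown users
    if hmac.compare_digest(USERS.get(user, b""), candidate):
        # State AUTHENTICATED: retire the flow, create the session.
        del flows[flow]
        sid = secrets.token_urlsafe(32)
        sessions[sid] = user
        return "app", {"session": sid}
    flows[flow] += 1
    if flows[flow] >= MAX_TRIES:
        # State LOCKED OUT: back to the initial screen, with a log entry.
        del flows[flow]
        log.append(f"login failed {MAX_TRIES} times, last login name {user!r}")
        return "start", {}
    return "login_form", {"flow": flow}            # state RETRY: same form, same token
```

Because a fresh GET starts a new flow with a fresh counter, the per-flow limit only bounds one pass through the form; throttling per account or per source address would have to be kept separately on the server.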