Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 428
  • Last Modified:

HTTP Header instead of QueryString

Hi Experts,
this is a very hard question.
I will adjust the points up to 1000 if it seems that there is a solution.

When you log on to experts-exchange, a HTTP header is sent, like "Experts Exchange member".
So you are logged in.

If you come to http://www.baukreis.de, you will get a unique HTTP header:
ETag: "df011-232b-35dd3842".
This is your customer ID or Session ID.
So you are "logged in".

If you know anything about server-side programming and shopping carts, you will know what it means: The customer needs a unique customer ID for that the shopping cart is not going to be lost. This ID must not be lost, too.

(http://www.baukreis.de is using software from http://www.shopsite.com.)

Usually, the customer ID is evaluated through the QueryString.
Shopsite does it through the HTTP header.

---
My problem is: Every time I am linking to a HTML page, the query string is lost.
Not at experts-exchange.com, not at baukreis.de, because they are using HTTP headers, which also work for HTML pages.
---

I know how to send a HTTP header with Perl, or ASP, or Visual Basic, but only for the document itself...
But I wish to send the header also with HTML documents sent to a unique customer.


---
Questions:

1. How does Shopsite manipulate servers to send that HTTP header tag to a unique customer (especially I am interested in Internet Information Server)?
How can I do this?
(Usually, I am working with Visual Basic, but C++ sources would be accepted.)

2. The browser has received this tag. What does he send to the server (to show that it is the same as before)?
How does the server process this information? How does it know, if to send a new or the once-sent header?

3. How can I use a unique HTTP header tag instead of the QueryString?


---
Thank you.
Hope it was clear enough, sorry for the bad English.
Robert
0
soeding
Asked:
soeding
  • 5
  • 3
  • 3
1 Solution
 
Michel PlungjanIT ExpertCommented:
Send a cookie instead,
Http header is
Set-Cookie: Name=mycookie; path=WhatDirectoriesMayReadThis; expires=DateInUTCformat

In perl it is something like

print"Content-Type: text/html\n";

print "Set-Cookie:ORDER=",$name,"; path=/; expires=Wednesday, 19-Nov-99 23:12:40 GMT\n";

The page itself can set the cookie with
<META HTTP-EQUIV="Set-Cookie" CONTENT=".............">
or by using JavaScript
<SCRIPT>
document.cookie="..............."
</SCRIPT>

With the expires you can control how long the cookie lives  - if not used, the cookie expires when the browser is closed.

Any cgi invoked from a document with a cookie set will send an HTTP-COOKIE header back to the server.

Michel
0
 
soedingAuthor Commented:
Hi mplungjan,

you proposed a solution, but you did not answer the questions.
Your answer contains solutions for 4 programming languages: You were thinking. Therefore you will get the points.

I should have said that I do not want to use Cookies, because some users do not like it.
I was looking for a real great solution, not invoking the browser.
Because I did not tell, you will get the points.

In the meantime, I found a solution which neither uses Cookies nor the QueryString.
It is not depending on the browser or the user's preferences.

What's the solution?
Oh my, what's the only number a user is identified with, withOUT all code?
You may post it as a question ... it's genious (and easy).

Thank you.
0
 
Patricia080698Commented:
yes mplungjan but can we send other information for example the name, the telephone number or and other information with this cookie ?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
Patricia080698Commented:
yes mplungjan but can we send other information for example the name, the telephone number or and other information with this cookie
0
 
Patricia080698Commented:
soeding, I am willing to give points for your answer, I am also having the same problem. I am actually trying to use session object. But not advancing a lot, so If you can lend me a hand it would be really appreciated. Thanks.
0
 
Michel PlungjanIT ExpertCommented:
Hi soeding and Patricia.

If you use an authorisation scheme to protect your pages, after successful logon, the http requests will send the userid in an http field form the browser until the browser is closed. If that is what you meant, I am sorry. That is a given. I thought you had another problem.

REMOTE_ADDR=nnn.nnn.nnn.nnn - IP Address - always there
REMOTE_USER=xxxxx - User id, set by http authentication

Ok, cookies are out IP addresses and userids are in -

IP adresses wrok fine except when the ISP gives you a virtual IP address every time you log on.

If you are happy to loose the info after the user cuts the connection and re-establish it without closing the browser, you are in business (assuming the ip address was what you had in mind)

Check this page out:
http://www.webthing.com/tutorials/login.html


0
 
soedingAuthor Commented:
mplungjan, Patricia,
great, that's it!

mplungjan,
I am sorry that I cannot give you the points for the other answer.
I would, but there is nothing on the page to do that...?
0
 
Michel PlungjanIT ExpertCommented:
Soeding, I am not sure I understand the second part.
Would you repeat the question you didn't feel was answered?

Thanks,

Michel
0
 
soedingAuthor Commented:
mplungjan,

actually, http://www.baukreis.de holds the client state without cookies or query string (deactivate cookies before testing).
How do they do this?
(You do not need to answer. It's very hard, therefore the "1000 points".)

If you are interested in that question, see
http://www.experts-exchange.com/topics/comp/lang/cplusplus/Q.10078309

Besides, the IP address may change, as I experienced :-(
0
 
Michel PlungjanIT ExpertCommented:
What I see (without looking hard) is that baukreis are using hidden form fields and cookies on their site - not hard at all.
To write an ISAPI filter sounds a bit over the top to me since a basic authorisation will send whatever userid you assigned to the user with all requests.

Good luck, though

Michel
0
 
Michel PlungjanIT ExpertCommented:
PS: The reason you do not see the state in the query string is, that they POST their hidden forms.

Michel
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 5
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now