Solved

HTTP Header instead of QueryString

Posted on 1998-08-28
11
390 Views
Last Modified: 2013-12-23
Hi Experts,
this is a very hard question.
I will adjust the points up to 1000 if it seems that there is a solution.

When you log on to experts-exchange, a HTTP header is sent, like "Experts Exchange member".
So you are logged in.

If you come to http://www.baukreis.de, you will get a unique HTTP header:
ETag: "df011-232b-35dd3842".
This is your customer ID or Session ID.
So you are "logged in".

If you know anything about server-side programming and shopping carts, you will know what it means: The customer needs a unique customer ID for that the shopping cart is not going to be lost. This ID must not be lost, too.

(http://www.baukreis.de is using software from http://www.shopsite.com.)

Usually, the customer ID is evaluated through the QueryString.
Shopsite does it through the HTTP header.

---
My problem is: Every time I am linking to a HTML page, the query string is lost.
Not at experts-exchange.com, not at baukreis.de, because they are using HTTP headers, which also work for HTML pages.
---

I know how to send a HTTP header with Perl, or ASP, or Visual Basic, but only for the document itself...
But I wish to send the header also with HTML documents sent to a unique customer.


---
Questions:

1. How does Shopsite manipulate servers to send that HTTP header tag to a unique customer (especially I am interested in Internet Information Server)?
How can I do this?
(Usually, I am working with Visual Basic, but C++ sources would be accepted.)

2. The browser has received this tag. What does he send to the server (to show that it is the same as before)?
How does the server process this information? How does it know, if to send a new or the once-sent header?

3. How can I use a unique HTTP header tag instead of the QueryString?


---
Thank you.
Hope it was clear enough, sorry for the bad English.
Robert
0
Comment
Question by:soeding
  • 5
  • 3
  • 3
11 Comments
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 200 total points
ID: 1561389
Send a cookie instead,
Http header is
Set-Cookie: Name=mycookie; path=WhatDirectoriesMayReadThis; expires=DateInUTCformat

In perl it is something like

print"Content-Type: text/html\n";

print "Set-Cookie:ORDER=",$name,"; path=/; expires=Wednesday, 19-Nov-99 23:12:40 GMT\n";

The page itself can set the cookie with
<META HTTP-EQUIV="Set-Cookie" CONTENT=".............">
or by using JavaScript
<SCRIPT>
document.cookie="..............."
</SCRIPT>

With the expires you can control how long the cookie lives  - if not used, the cookie expires when the browser is closed.

Any cgi invoked from a document with a cookie set will send an HTTP-COOKIE header back to the server.

Michel
0
 
LVL 1

Author Comment

by:soeding
ID: 1561390
Hi mplungjan,

you proposed a solution, but you did not answer the questions.
Your answer contains solutions for 4 programming languages: You were thinking. Therefore you will get the points.

I should have said that I do not want to use Cookies, because some users do not like it.
I was looking for a real great solution, not invoking the browser.
Because I did not tell, you will get the points.

In the meantime, I found a solution which neither uses Cookies nor the QueryString.
It is not depending on the browser or the user's preferences.

What's the solution?
Oh my, what's the only number a user is identified with, withOUT all code?
You may post it as a question ... it's genious (and easy).

Thank you.
0
 
LVL 1

Expert Comment

by:Patricia080698
ID: 1561391
yes mplungjan but can we send other information for example the name, the telephone number or and other information with this cookie ?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 1

Expert Comment

by:Patricia080698
ID: 1561392
yes mplungjan but can we send other information for example the name, the telephone number or and other information with this cookie
0
 
LVL 1

Expert Comment

by:Patricia080698
ID: 1561393
soeding, I am willing to give points for your answer, I am also having the same problem. I am actually trying to use session object. But not advancing a lot, so If you can lend me a hand it would be really appreciated. Thanks.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1561394
Hi soeding and Patricia.

If you use an authorisation scheme to protect your pages, after successful logon, the http requests will send the userid in an http field form the browser until the browser is closed. If that is what you meant, I am sorry. That is a given. I thought you had another problem.

REMOTE_ADDR=nnn.nnn.nnn.nnn - IP Address - always there
REMOTE_USER=xxxxx - User id, set by http authentication

Ok, cookies are out IP addresses and userids are in -

IP adresses wrok fine except when the ISP gives you a virtual IP address every time you log on.

If you are happy to loose the info after the user cuts the connection and re-establish it without closing the browser, you are in business (assuming the ip address was what you had in mind)

Check this page out:
http://www.webthing.com/tutorials/login.html


0
 
LVL 1

Author Comment

by:soeding
ID: 1561395
mplungjan, Patricia,
great, that's it!

mplungjan,
I am sorry that I cannot give you the points for the other answer.
I would, but there is nothing on the page to do that...?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1561396
Soeding, I am not sure I understand the second part.
Would you repeat the question you didn't feel was answered?

Thanks,

Michel
0
 
LVL 1

Author Comment

by:soeding
ID: 1561397
mplungjan,

actually, http://www.baukreis.de holds the client state without cookies or query string (deactivate cookies before testing).
How do they do this?
(You do not need to answer. It's very hard, therefore the "1000 points".)

If you are interested in that question, see
http://www.experts-exchange.com/topics/comp/lang/cplusplus/Q.10078309

Besides, the IP address may change, as I experienced :-(
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1561398
What I see (without looking hard) is that baukreis are using hidden form fields and cookies on their site - not hard at all.
To write an ISAPI filter sounds a bit over the top to me since a basic authorisation will send whatever userid you assigned to the user with all requests.

Good luck, though

Michel
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1561399
PS: The reason you do not see the state in the query string is, that they POST their hidden forms.

Michel
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question