soeding
asked on
HTTP Header instead of QueryString
Hi Experts,
this is a very hard question.
I will adjust the points up to 1000 if it seems that there is a solution.
When you log on to experts-exchange, a HTTP header is sent, like "Experts Exchange member".
So you are logged in.
If you come to http://www.baukreis.de, you will get a unique HTTP header:
ETag: "df011-232b-35dd3842".
This is your customer ID or Session ID.
So you are "logged in".
If you know anything about server-side programming and shopping carts, you will know what it means: The customer needs a unique customer ID for that the shopping cart is not going to be lost. This ID must not be lost, too.
(http://www.baukreis.de is using software from http://www.shopsite.com.)
Usually, the customer ID is evaluated through the QueryString.
Shopsite does it through the HTTP header.
---
My problem is: Every time I am linking to a HTML page, the query string is lost.
Not at experts-exchange.com, not at baukreis.de, because they are using HTTP headers, which also work for HTML pages.
---
I know how to send a HTTP header with Perl, or ASP, or Visual Basic, but only for the document itself...
But I wish to send the header also with HTML documents sent to a unique customer.
---
Questions:
1. How does Shopsite manipulate servers to send that HTTP header tag to a unique customer (especially I am interested in Internet Information Server)?
How can I do this?
(Usually, I am working with Visual Basic, but C++ sources would be accepted.)
2. The browser has received this tag. What does he send to the server (to show that it is the same as before)?
How does the server process this information? How does it know, if to send a new or the once-sent header?
3. How can I use a unique HTTP header tag instead of the QueryString?
---
Thank you.
Hope it was clear enough, sorry for the bad English.
Robert
this is a very hard question.
I will adjust the points up to 1000 if it seems that there is a solution.
When you log on to experts-exchange, a HTTP header is sent, like "Experts Exchange member".
So you are logged in.
If you come to http://www.baukreis.de, you will get a unique HTTP header:
ETag: "df011-232b-35dd3842".
This is your customer ID or Session ID.
So you are "logged in".
If you know anything about server-side programming and shopping carts, you will know what it means: The customer needs a unique customer ID for that the shopping cart is not going to be lost. This ID must not be lost, too.
(http://www.baukreis.de is using software from http://www.shopsite.com.)
Usually, the customer ID is evaluated through the QueryString.
Shopsite does it through the HTTP header.
---
My problem is: Every time I am linking to a HTML page, the query string is lost.
Not at experts-exchange.com, not at baukreis.de, because they are using HTTP headers, which also work for HTML pages.
---
I know how to send a HTTP header with Perl, or ASP, or Visual Basic, but only for the document itself...
But I wish to send the header also with HTML documents sent to a unique customer.
---
Questions:
1. How does Shopsite manipulate servers to send that HTTP header tag to a unique customer (especially I am interested in Internet Information Server)?
How can I do this?
(Usually, I am working with Visual Basic, but C++ sources would be accepted.)
2. The browser has received this tag. What does he send to the server (to show that it is the same as before)?
How does the server process this information? How does it know, if to send a new or the once-sent header?
3. How can I use a unique HTTP header tag instead of the QueryString?
---
Thank you.
Hope it was clear enough, sorry for the bad English.
Robert
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
yes mplungjan but can we send other information for example the name, the telephone number or and other information with this cookie ?
yes mplungjan but can we send other information for example the name, the telephone number or and other information with this cookie
soeding, I am willing to give points for your answer, I am also having the same problem. I am actually trying to use session object. But not advancing a lot, so If you can lend me a hand it would be really appreciated. Thanks.
Hi soeding and Patricia.
If you use an authorisation scheme to protect your pages, after successful logon, the http requests will send the userid in an http field form the browser until the browser is closed. If that is what you meant, I am sorry. That is a given. I thought you had another problem.
REMOTE_ADDR=nnn.nnn.nnn.nn
REMOTE_USER=xxxxx - User id, set by http authentication
Ok, cookies are out IP addresses and userids are in -
IP adresses wrok fine except when the ISP gives you a virtual IP address every time you log on.
If you are happy to loose the info after the user cuts the connection and re-establish it without closing the browser, you are in business (assuming the ip address was what you had in mind)
Check this page out:
http://www.webthing.com/tutorials/login.html
If you use an authorisation scheme to protect your pages, after successful logon, the http requests will send the userid in an http field form the browser until the browser is closed. If that is what you meant, I am sorry. That is a given. I thought you had another problem.
REMOTE_ADDR=nnn.nnn.nnn.nn
REMOTE_USER=xxxxx - User id, set by http authentication
Ok, cookies are out IP addresses and userids are in -
IP adresses wrok fine except when the ISP gives you a virtual IP address every time you log on.
If you are happy to loose the info after the user cuts the connection and re-establish it without closing the browser, you are in business (assuming the ip address was what you had in mind)
Check this page out:
http://www.webthing.com/tutorials/login.html
ASKER
mplungjan, Patricia,
great, that's it!
mplungjan,
I am sorry that I cannot give you the points for the other answer.
I would, but there is nothing on the page to do that...?
great, that's it!
mplungjan,
I am sorry that I cannot give you the points for the other answer.
I would, but there is nothing on the page to do that...?
Soeding, I am not sure I understand the second part.
Would you repeat the question you didn't feel was answered?
Thanks,
Michel
Would you repeat the question you didn't feel was answered?
Thanks,
Michel
ASKER
mplungjan,
actually, http://www.baukreis.de holds the client state without cookies or query string (deactivate cookies before testing).
How do they do this?
(You do not need to answer. It's very hard, therefore the "1000 points".)
If you are interested in that question, see
https://www.experts-exchange.com/topics/comp/lang/cplusplus/Q.10078309
Besides, the IP address may change, as I experienced :-(
actually, http://www.baukreis.de holds the client state without cookies or query string (deactivate cookies before testing).
How do they do this?
(You do not need to answer. It's very hard, therefore the "1000 points".)
If you are interested in that question, see
https://www.experts-exchange.com/topics/comp/lang/cplusplus/Q.10078309
Besides, the IP address may change, as I experienced :-(
What I see (without looking hard) is that baukreis are using hidden form fields and cookies on their site - not hard at all.
To write an ISAPI filter sounds a bit over the top to me since a basic authorisation will send whatever userid you assigned to the user with all requests.
Good luck, though
Michel
To write an ISAPI filter sounds a bit over the top to me since a basic authorisation will send whatever userid you assigned to the user with all requests.
Good luck, though
Michel
PS: The reason you do not see the state in the query string is, that they POST their hidden forms.
Michel
Michel
ASKER
you proposed a solution, but you did not answer the questions.
Your answer contains solutions for 4 programming languages: You were thinking. Therefore you will get the points.
I should have said that I do not want to use Cookies, because some users do not like it.
I was looking for a real great solution, not invoking the browser.
Because I did not tell, you will get the points.
In the meantime, I found a solution which neither uses Cookies nor the QueryString.
It is not depending on the browser or the user's preferences.
What's the solution?
Oh my, what's the only number a user is identified with, withOUT all code?
You may post it as a question ... it's genious (and easy).
Thank you.