C++ and XML

Posted on 2003-03-17
Medium Priority
Last Modified: 2010-04-02
I have a Web-based login page that uses a C++ dll to take a user to another web page. BUT there are different users that require to use the different web sites. Any one with any ideas?
Question by:Enum
  • 3
LVL 12

Expert Comment

ID: 8151040
There are essentially two cases here:

1. You don't need to preserve context between the web pages.

2. You do need to preserve context one way or the other.

In the first case you have no problem. Each user access the page and that's it. However, as you have different users who want to access different web sites that is most likely not your situation, which brings us to the second case.

In the second case you need to preserve context.

In the simplest case you can simply let that context be in the URL. This means that you cannot have your web page stored on disk and simply show it. You must generate your web page on the fly.

If you have a web page written something like this:

-----  file.html (or file.xml) -------
  .....blah blah blah....
   .....blah blah blah.....
   <a href="http://www.foo.com/bar/baz.html">to user</a>
   .....blah blah blah...
--------- end of file file.html (or file.xml) ------

Of course, in the case of xml the details will be slightly different etc etc but the main idea that concerns us is the same:

There's a tag here written as <a href="..."> This is the tag that takes you to a new web page. The point is that for different users you want them to go to different pages so then you have to generate a different text in that tag for the different users.

This is best done using some kind of html template file (for example in xml) which generate the file and can generate different URL's depending on context - i.e. the user etc.

So how do you get context?

There are several ways, the simplest is to simply put the context in the URL:


is a valid URL. It also have a variable defined named "baz" which has the value "gazonk". When processing this web page in the cgi script (or whatever you're using) you have the variable "baz" availalbe and can query what value it has. For example you could have an URL like this:


then you can query the value of the variable "user" and then generate a web page depending on that value in some way, if the user is "someone" you generate one web page and if user is "someone-else" then you generate another web page.

One problem with this scheme is obviously that if you want to user to login it is a very bad idea to provide the password as a parameter this way and it is absolutely a no-no to provide 'user=someone' meaning that the user has already logged in as 'someone'. If you use password protection the username should NOT be passed over this way. So this brings you to the other ways to pass context.

There are essentially two ways to do it without putting the context in the URL.

1. Make a cookie and use the cookie for the session. A "cookie" is a bunch of data that your script store on the user's disk in a file there. This file is available to all the scripts that belong to the same 'session' and is per user per session. Typically your 'welcome' page opens a session and create a cookie and then the other pages can read the value of the coookie and modify it. The 'shopping cart' you see many online stores has uses this method and when you put something into the 'shopping cart' they update the cookie for the user and when you come to the final page to perform the purchase the cookie is read and the page generates a bill/receipt based on the info in the cookie.

The other method is to pass info using POST. This is what web pages like the EE site uses. When I type this very message here, I type it into an edit box on this web page. When I then press 'submit' I send a POST message. HTTP is actually a protocol that is very similar to sending E-mail. MIME was a format defined for mail which is also used by HTTP. The result is that every time you send a request to a HTTP server you essentially send it an E-mail. THe response you get back is also an E-mail - or at least in the same format as E-mails. Normally the requests doesn't have much text and is a simple GET request with no body to speak of. But a POST request has a body and can some times be a big body - big enough to hold the message I type in right now.

So this is the other way you can keep context. Generate a POST request and send over your info in the body of the POST message.

To send a POST request you use a <form> ...</form> tag. Inside that form there's usually some kind of button so that when that button is pressed the POST message is sent. There's also often an edit box where user can type the message to include in the message body.

However, in your case you might want to simply use it for holding your context and so choose to not have any edit box at all. Just build up your POST message based on 'fixed' data. The data is fixed in the web page you display but since that web page is in itself dynamically created on the fly that 'fixed' data is most likely not fixed at all but is also dynamic and contain the context you want to preserve. However, the data is fixed in the sense that the user who watches your web page cannot modify these data. If you want him to be able to modify or add more data than you send in the context simply add an edit box or some other form input item that includes the additional info.


Author Comment

ID: 8159446
Thanks for the quick response! The web pages are writen with XML but it is not this that i am worried about.

I am struggling with the c++ dll that would connect the web sites together.

LVL 12

Expert Comment

ID: 8159742
That DLL is part of a CGI processing? Is it a DLL that is called by the web server to provide the web pages?

Could you explain more clearly what exactly is your situation and what exactly is your problem?

LVL 12

Accepted Solution

Salte earned 1200 total points
ID: 8159820

the fact that different users see the web page isn't any problem for the DLL. The DLL doesn't run as the user of the person who view the web page. The DLL runs as the user you have set it up to run as when you install the web pages.

The different users are simply a different name in a variable named "user" or some such that exist in your context. The context is usually found in an environment variable set up by the http server and essentiallly contain everything after '?' of the URL.

In addition the DLL can read from stdin and get the message body, i.e. the text sent to the server via a <form> </form> tag.

In addition the DLL can use some functions to read the cookie value that was sent via the request.

The whole context is the combined information in those three locations. This context is not only per user but it is per session, so the same user can even have several contexts if he has several browsers to the same page. When the browser send a URL to the server it will also pass along the context and so the server only worry about the session sent to it - as long as that session makes sense it can be trusted. For very secure web pages you must ensure that the user cannot fake a cookie and so on but that is normally not a problem since cookies are coded in a specific format and a user cannot fake his session or something unless he has very good understanding of the cookie format and coding. I believe you can also encrypt the cookie so it is sent encrypted and that makes it even harder. I even believe this is the default.

So I don't think you should worry about the fact that the page is used by several users, as long as you can get the context and figure out which user this is, then it is all fine.

Also, a DLL never serve a web page directly per se. A DLL is not a independent program. A DLL is called by the web server or some such and as such it is just subroutine calls and have nothing to do with the http protocol per se, it just simply have available the context if it looks at the right places. You don't have to do anything extra to get it.

So, what exactly is your problem?


Expert Comment

ID: 9502194
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Answered by: Salte

Please leave any comments here within the next seven days.


EE Cleanup Volunteer

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by John Humphreys C++ Threading and the POSIX Library This article will cover the basic information that you need to know in order to make use of the POSIX threading library available for C and C++ on UNIX and most Linux systems.   [s…
  Included as part of the C++ Standard Template Library (STL) is a collection of generic containers. Each of these containers serves a different purpose and has different pros and cons. It is often difficult to decide which container to use and …
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question