[Pdx-pm] saving state with CGI.pm

Joe Oppegaard joe at oppegaard.net
Thu Nov 6 13:38:29 CST 2003

On Tue, 4 Nov 2003, John Springer wrote:

> I'm having a problem using CGI.pm to save state.  Maybe I'm using the
> wrong tool??  Anyways...
> I have users going through several forms to collect information, and
> I'm saving the state of the CGI object in a session file. But I want to
> keep a "running list" of all the data that has been set across all the
> forms, so the user can bounce back and forth without losing anything.

My preferred way to do things like this are with sessions. See
CGI::Session and the very good tutorial that comes with it. (Note the
-ip-match switch).

You can store the user sessionId in a cookie, hidden input fields, or in
the URL query string itself, which is nice for non-cookie users. The
preferred thing to do with sessions that hold sensitive data in the
session file is to expire the sessionid after a set number of minutes or
when the browser closes, making sure to cleanup the session files. Of
course the session files should only be readable by the user the
webserver is running as.

I actually haven't done this in perl too much because most of the web
code at my job uses PHP (/me ducks), which has very convienent
built in session handling.

-Joe Oppegaard

More information about the Pdx-pm-list mailing list