CGI model extensions
Persistent processes, session management, and so on
We’ll explore most of these in later examples, but since this is a core idea in server-side
scripting, let’s take a brief look at each of these in turn.
URL Query Parameters
We met these earlier in this chapter: hardcoded URL parameters in dynamically gen-
erated hyperlinks embedded in input pages produced as replies. By including both a
processing script name and input to it, such links direct the operation of the next page
when selected. The parameters are transmitted from client to server automatically, as
part of a GET-style request.
Coding query parameters is straightforward—print the correctly formatted URL to
standard output from your CGI script as part of the reply page (albeit following some
escaping conventions we’ll meet later in this chapter). Here’s an example drawn from
the next chapter’s webmail case study:
script = "onViewListLink.py"
user = 'bob'
mnum = 66
pswd = 'xxx'
site = ' pop.myisp.net'
print('<a href="%s?user=%s&pswd=%s&mnum=%d&site=%s">View %s</a>'
% (script, user, pswd, mnum, site, mnum))The resulting URL will have enough information to direct the next script when clicked:
<a href="onViewListLink.py?user=bob&pswd=xxx&mnum=66&site=pop.myisp.net">View 66</a>Query parameters serve as memory, and they pass information between pages. As such,
they are useful for retaining state across the pages of a single session of interaction.
Since each generated URL may have different attached parameters, this scheme can
provide context per user-selectable action. Each link in a list of selectable alternatives,
for example, may have a different implied action coded as a different parameter value.
Moreover, users can bookmark a link with parameters, in order to return to a specific
state in an interaction.
Because their state retention is lost when the page is abandoned, though, they are not
useful for remembering state from session to session. Moreover, the data appended as
URL query parameters is generally visible to users and may appear in server logfiles; in
some applications, it may have to be manually encrypted to avoid display or forgery.
Hidden Form Input Fields
We met these in the prior section as well: hidden form input fields that are attached to
form data and are embedded in reply web pages, but are not displayed in web pages or
their URL addresses. When the form is submitted, all the hidden fields are transmitted
1176 | Chapter 15: Server-Side Scripting