Cookie Session

From genomewiki
Jump to navigationJump to search

This is only a start -- a brief email explanation. Better than nothing I hope.

The cookie holds hguid. hgsid should be passed around from one CGI form to the next, so yes, most of our site should work without cookies. Here and there I think we may forget to include hgsid, and the use of cookies masks that most of the time, but that would cause loss of session in the absence of cookies.

hgsid is a key into hgcentral.sessionDb. hguid is a key into hgcentral.userDb. When we have hguid from a cookie, but don't have hgsid, we can restore settings from userDb. When we have hguid from a cookie, and do have hgsid, we use sessionDb and we save the settings into userDb as well, as a backup in case we lose hgsid. When we don't have hguid (cookies disabled/dysfunctional) but do have hgsid, settings will be updated in sessionDb and a new userDb entry will be created on each access (wasteful). When we don't have hguid and hgsid is not passed forward via URL or posted form, settings are lost.


Navigation: back to Implementation_Notes