IT350 - Web and Internet Programming
We talked about using session variables instead of cookies to keep track of state and enhance the security of your websites as users browse them. We will practice that using some of the files from your project.
You must create a folder on your Web drive called "Lab10" (without the quotes) and store your work in that directory.
Copy your files from the Lab09 directory (or your team directory) to your Lab10 directory. Note that you do not need to have Lab09 completed in order to work on this lab.
Modify the scripts to use session variables: For this lab, you will have to modify at least 3 of the scripts you have for your project, so they work with session variables instead of cookies. These scripts are the login, logout, and process status update scripts.
1. login script: modify this script such that, if the user entered the correct credentials, a session is created, and the information that you used to store in cookies (probably the username and user role) is now stored in session variables. Set the new session id as a cookie with cookie name "CGISESSID".
2. post status update script: modify this script such that only users that have the username session variable set can access the script.
3. logout script: modify this script such that when the user logs out, the session information and the session itself are deleted. The user should not be able to post a status update without logging in again.
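The three behaviours above, modelled end to end as an added example (not part of the lab handout and not the project's scripts). It is a Python sketch with an in-memory session store; the function names, the `USERS` table and its credentials are hypothetical and constructed for illustration, and a real script would check a stored password hash and persist sessions on the server.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "CGISESSID"                 # cookie name required by the lab
USERS = {"alice": ("s3cret", "member")}   # constructed sample: user -> (password, role)
SESSIONS = {}                             # server-side store: session id -> variables

def _session_id(cookie_header):
    """Extract the session id from a Cookie request header, or None."""
    morsel = SimpleCookie(cookie_header or "").get(COOKIE_NAME)
    return morsel.value if morsel else None

def login(username, password):
    """Login script: on correct credentials create a session, return (ok, Set-Cookie value)."""
    record = USERS.get(username)
    if record is None or not secrets.compare_digest(record[0].encode(), password.encode()):
        return False, None
    sid = secrets.token_hex(16)           # fresh, unguessable id for every login
    # Username and role live on the server; the browser only holds the id.
    SESSIONS[sid] = {"username": username, "role": record[1]}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["httponly"] = True
    cookie[COOKIE_NAME]["path"] = "/"
    return True, cookie[COOKIE_NAME].OutputString()

def post_status(cookie_header, text):
    """Status update script: refuse unless the session has a username variable."""
    session = SESSIONS.get(_session_id(cookie_header))
    if not session or "username" not in session:
        return "403 login required"
    return f"200 {session['username']}: {text}"

def logout(cookie_header):
    """Logout script: delete the server-side session, then expire the cookie."""
    SESSIONS.pop(_session_id(cookie_header), None)
    expired = SimpleCookie()
    expired[COOKIE_NAME] = ""
    expired[COOKIE_NAME]["max-age"] = 0
    expired[COOKIE_NAME]["path"] = "/"
    return expired[COOKIE_NAME].OutputString()
```

Deleting the server-side record is what actually ends the session: a browser that replays the old CGISESSID value after logout is still refused, whether or not it honoured the expiry.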