IT350 - Web and Internet Programming

Lab 10 Session Variables


We talked about using session variables instead of cookies to keep track of state and enhance the security of your websites as users browse your webite. We will practice that using some of the files from your project.

Lab Requirements

You must create a folder on your Web drive called "Lab10" (without the quotes) and store your work in that directory.

Copy your files from the Lab09 directory (or your team directory) to your Lab10 directory. Note that you do not need to have Lab09 completed in order to work on this lab.


Modify the scripts to use session variables: For this lab, you will have to modify at least 3 of the scripts you have for your project, so they work with session variables instead of cookies. These scripts are the login, logout, and process status update scripts.

1.      login script: modify this script such that, if the user entered the correct credentials, a session is created, and the information that you used to store in cookies (probably the username and user role) are now stored in session variables. Set the new session id as a cookie with cookie name "CGISESSID".

2.      post status update script: modify this script such that only users that have the username session variable set can access the script.

3.      logout script: modify this script such that when the users logs out, the session information and the session itself is deleted. The user should not be able to post a status update without logging in again.



  1. All of your files should be in a folder called "Lab10" (without the quotes) on the Web drive. Your instructor will assume that your web pages are viewable at or index.shtml or where XXXXXX is your alpha number.
  2. Your project in Lab09 should have the security measures we discussed implemented, so the attacks discovered by other teams will not work anymore.
  3. In default.htm, add:
    1. a link to your Lab09/index.html (or whatever the main page of your project is)
    2. a link to your "post a status update" form that will invoke the script when submitted
  4. Turn in the following hardcopy at the beginning of class on the due date, stapled together in the following order (coversheet on top):
    1. A completed assignment coversheet. Your comments will help us improve the course.
    2. Write a valid username and password for your website on your coversheet.
    3. A hard-copy of the Perl source of the login script
    4. A hard-copy of the Perl source of the logout script
    5. A hard-copy of the Perl source of the script that processes the status update