access and session control

Dan Aronson (
Thu, 15 Sep 1994 05:57:37 +0200

I've been designing and am about to implement some session control and
access restrictions for some documents served, searched and retrieved via
a web server. This is meant as a stop gap thing until the world has
some for of secure http clients/servers. The basic design is that
all acesses will go through a CGI program. This program will modify any
URL's in documents to ensure the triggering the URL while redirect it's
action via the CGI program. The program will also add some a session key
to the URL. For example, if a document contained the following:

<A HREF=> (where my server is running on

this might be rewritten as:


(where SK is the session key which gets passed around)

The web server while keep state associated with the session key.

I assume that similar things have been done. Does anyone have any pointers?

--Dan Aronson