Hidden Field SID

The hidden form field SID is almost the same as the query string based one, sharing the same problems.

#!/usr/bin/env python

import sha, time, cgi, os

sid = cgi.FieldStorage().getfirst('sid')

if sid: # If session exists
   message = 'Already existent session'
else: # New session
   # The sid will be a hash of the server time
   sid = sha.new(repr(time.time())).hexdigest()
   message = 'New session'

qs = 'sid=' + sid

print """\
Content-Type: text/html\n
<html><body>
<p>%s</p>
<p>SID = %s</p>
<form method="post">
<input type="hidden" name=sid value="%s">
<input type="submit" value="Submit">
</form>
</body></html>
""" % (message, sid, sid)

Web Python Tutorial

About

Hidden Field SID