Perl and CGI

This module discusses techniques for overcoming some of the inherent limitations of the HTTP protocol. In particular, you will learn:

Perls of Wisdom

1. How to use the state-machine model to keep track of users
2. How to pass data from page to page using hidden fields
3. How to use Perl variables in an HTML file
4. How to use HTTP cookies

In the process, you will build and experiment with the first part of our class project, the Guestbook program.

When you are finished with this module you will have a good understanding of the state-machine model and how to use it to make your programs more interactive for your users.

The Challenge: HTTP's Stateless Nature

The Hypertext Transfer Protocol (HTTP) was designed with a fundamental limitation: it is stateless. Each request from a web browser to a web server is treated as an independent transaction with no memory of previous requests. Once the server sends a response, it forgets everything about that interaction.

This stateless design works perfectly for serving simple web pages, but creates significant challenges when building interactive web applications. How do you maintain a shopping cart across multiple pages? How do you remember that a user has logged in? How do you track a user's progress through a multi-step form?

For CGI programmers, overcoming HTTP's statelessness is essential to creating meaningful web applications. Fortunately, several proven techniques exist to add state management to your Perl CGI programs.

Techniques for Managing State in Perl CGI

1. Hidden Form Fields

Hidden form fields allow you to embed data in an HTML form that gets passed back to your CGI script with the next request. The user doesn't see these fields, but they travel with the form submission.

<form action="process.cgi" method="POST">
  <input type="hidden" name="user_id" value="12345">
  <input type="hidden" name="page_number" value="2">
  <input type="text" name="email">
  <input type="submit" value="Continue">
</form>

This technique is useful for maintaining context across a sequence of forms, such as in a multi-step registration process or checkout flow.

2. URL Query Parameters

Data can be appended to URLs as query parameters, allowing state information to travel with each link click:

<a href="next_page.cgi?user_id=12345&session=abc123">Continue</a>

Your Perl CGI script can extract these parameters and use them to maintain continuity between pages.

3. HTTP Cookies

Cookies are small pieces of data that the server sends to the browser, which the browser then includes with subsequent requests to that server. Cookies provide a powerful way to maintain state across multiple visits to your site.

In Perl, you can set a cookie using an HTTP header:

#!/usr/bin/perl
print "Set-Cookie: user_id=12345; path=/\n";
print "Content-type: text/html\n\n";
print "<html><body>Cookie set!</body></html>";

Cookies can store session identifiers, user preferences, or authentication tokens, making them ideal for tracking logged-in users.

4. The State-Machine Model

A state machine is a programming pattern where your application maintains awareness of its current "state" and responds differently based on that state. In web programming, this typically means tracking where a user is in a multi-step process.

For example, a Guestbook application might have these states:

• View entries - Display existing guestbook entries
• Add entry form - Show the form for adding a new entry
• Validate entry - Check submitted data for errors
• Confirm entry - Display confirmation and save to file

Your Perl script uses hidden fields or URL parameters to track which state the user is in, then executes the appropriate code block for that state. This creates a smooth, multi-step user experience despite HTTP's statelessness.

5. Server-Side Session Files

Another approach is to generate a unique session ID for each user and store their data in a file on the server. The session ID travels with the user (via cookie or URL parameter), while the actual data stays secure on the server.

# Generate unique session ID
my $session_id = time() . int(rand(10000));

# Store user data in a session file
open(SESSION, ">/tmp/session_$session_id.txt");
print SESSION "user_id=12345\n";
print SESSION "cart_total=59.99\n";
close(SESSION);

Combining Techniques

Professional CGI applications often combine multiple techniques. For example, you might use cookies to store a session ID, hidden fields to track the current state in a multi-step form, and server-side session files to store sensitive user data.

As you build the Guestbook program in this module, you'll gain hands-on experience implementing these state management techniques in Perl, transforming simple CGI scripts into interactive web applications.