|
|
| Password protection of XSLT stylesheets with session id parameter CGI XSLT engine reads HTTP COOKIE. This feature can be used for password protection of XSLT programs. We assume that you know how to set HTTP COOKIE. Here, we explain a method how the session parameter can be passed to xsltp.pl Perl script. It is convenient to create the XML file (not use .xml extesion in file names for session parameters) <?xml version="1.0"?> <!DOCTYPE session-param [<!ENTITY session_id SYSTEM "my_session_file_name">]> <session_id>&session_id;</session_id> Then, declare the session parameter and session variable in the XSLT stylesheet <!-- string or int or number type -->
<xsl:param name="my_session_param" as="string" max-size="10"/>
<!-- session variable -->
<xsl:variable name="session">
<xsl:choose>
<xsl:when test="$my_session_param=document('name_of_above_file',$source)/session_id">
<xsl:value-of select="$my_session_param"/>
</xsl:when>
<xsl:otherwise>
<xsl:message terminate="yes">
<html>
<body>.... </body>
</html>
</xsl:message>
</xsl:otherwise>
</xsl:choose>
</xsl:variable>The script that sets "my_session_param" value in HTTP COOKIE saves the session id parameter in the file "my_session_file_name". In the above code it was assumed that the file "name_of_above_file" is in the same directory as the XML source. If this is not the case the document function can be called with different second argument. As concerns WCX Editor, it is enough to protect the "xe_main" XSLT stylesheet. |
