Return-Path:
X-Original-To: apmail-httpd-cvs-archive@www.apache.org
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id 9C43C9F3D
for ;
Sat, 25 Feb 2012 20:32:51 +0000 (UTC)
Received: (qmail 70975 invoked by uid 500); 25 Feb 2012 20:32:51 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 70930 invoked by uid 500); 25 Feb 2012 20:32:51 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help:
list-unsubscribe:
List-Post:
List-Id:
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 70922 invoked by uid 99); 25 Feb 2012 20:32:51 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Feb 2012 20:32:51 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Feb 2012 20:32:50 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
by eris.apache.org (Postfix) with ESMTP id 2E6E02388860;
Sat, 25 Feb 2012 20:32:30 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1293678 -
/httpd/httpd/trunk/docs/manual/mod/mod_session.xml
Date: Sat, 25 Feb 2012 20:32:30 -0000
To: cvs@httpd.apache.org
From: minfrin@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20120225203230.2E6E02388860@eris.apache.org>
Author: minfrin
Date: Sat Feb 25 20:32:29 2012
New Revision: 1293678
URL: http://svn.apache.org/viewvc?rev=1293678&view=rev
Log:
Add a section to the mod_session documentation that better describes how to integrate
applications with mod_session.
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_session.xml
Modified: httpd/httpd/trunk/docs/manual/mod/mod_session.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_session.xml?rev=1293678&r1=1293677&r2=1293678&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_session.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_session.xml Sat Feb 25 20:32:29 2012
@@ -63,10 +63,17 @@
What is a session?
At the core of the session interface is a table of key and value pairs
- that are made accessible across browser requests.
-
- These pairs can be set to any valid string, as needed by the
- application making use of the session.
+ that are made accessible across browser requests. These pairs can be set
+ to any valid string, as needed by the application making use of the
+ session.
+
+ The "session" is a application/x-www-form-urlencoded
+ string containing these key value pairs, as defined by the
+ HTML specification.
+
+ The session can optionally be encrypted and base64 encoded before
+ being written to the storage mechanism, as defined by the
+ administrator.
Who can use a session?
@@ -99,9 +106,9 @@
Keeping sessions on the browser
- Where keeping track of a session on a server is too resource
- intensive or inconvenient, the option exists to store the contents
- of the session within a cookie on the client browser instead.
+ In high traffic environments where keeping track of a session on a
+ server is too resource intensive or inconvenient, the option exists to store
+ the contents of the session within a cookie on the client browser instead.
This has the advantage that minimal resources are required on the
server to keep track of sessions, and multiple servers within a server
@@ -251,6 +258,64 @@
examples.
+ Integrating Sessions with External Applications
+
+ In order for sessions to be useful, it must be possible to share the contents
+ of a session with external applications, and it must be possible for an
+ external application to write a session of its own.
+
+ A typical example might be an application that changes a user's password set by
+ mod_auth_form. This application would need to read the current
+ username and password from the session, make the required changes to the user's
+ password, and then write the new password to the session in order to provide a
+ seamless transition to the new password.
+
+ A second example might involve an application that registers a new user for
+ the first time. When registration is complete, the username and password is
+ written to the session, providing a seamless transition to being logged in.
+
+
+ - Apache modules
+ - Modules within the server that need access to the session can use the
+ mod_session.h API in order to read from and write to the
+ session. This mechanism is used by modules like mod_auth_form.
+
+
+ - CGI programs and scripting languages
+ - Applications that run within the webserver can optionally retrieve the
+ value of the session from the HTTP_SESSION environment
+ variable. The session should be encoded as a
+ application/x-www-form-urlencoded string as described by the
+ HTML specification. The environment
+ variable is controlled by the setting of the
+ SessionEnv directive. The session
+ can be written to by the script by returning a
+ application/x-www-form-urlencoded response header with a name
+ set by the SessionHeader
+ directive. In both cases, any encryption or decryption, and the reading the
+ session from or writing the session to the chosen storage mechanism is handled
+ by the mod_session modules and corresponding configuration.
+
+
+ - Applications behind mod_proxy
+ - If the SessionHeader
+ directive is used to define an HTTP request header, the session, encoded as
+ a application/x-www-form-urlencoded string, will be made
+ available to the application. If the same header is provided in the response,
+ the value of this response header will be used to replace the session. As
+ above, any encryption or decryption, and the reading the session from or
+ writing the session to the chosen storage mechanism is handled by the
+ mod_session modules and corresponding configuration.
+
+ - Standalone applications
+ - Applications might choose to manipulate the session outside the control
+ of the Apache HTTP server. In this case, it is the responsibility of the
+ application to read the session from the chosen storage mechanism,
+ decrypt the session, update the session, encrypt the session and write
+ the session to the chosen storage mechanism, as appropriate.
+
+
+
Session