httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: Apache support for form authentication
Date Sun, 06 Apr 2008 00:25:50 GMT
Chris Darroch wrote:

>   Great idea.  What would you think about converting from
> the session_save hook to a provider-based mechanism?  I can
> imagine that administrators might want/need to use one kind of
> storage provider (dbd, say) for sessions on high-priority virtual hosts,
> while using another less reliable storage provider on others.
>   Maybe this is possible with hooks if the storage modules return
> DECLINED unless they're the one that's most closely configured
> with a particular request.  Still, it might be a little cleaner
> if the caller just looks up the appropriate provider and calls it
> directly.
>   Again, great idea, thanks!

The session modules are all designed to go exclusively inside Directory 
and Location sections, which allow you to precisely target which URL 
space your session is valid for, and this can be repeated as many times 
as you like creating as many individual sessions as you like.

So for an online store, you might have covered by a 
low security session keeping track of basic user details and a shopping 
cart, while is protected by a separate high 
security session based on dbd or crypto.


<Location /store>
   Session On
   SessionCookieName shopping
<Location /checkout>
   Session On
   SessionDBDCookieName checkout
   SessionCryptoPassphrase secret

Is this what you had in mind?

>   Once more, with feeling, I'll plug the notion of a generic mod_shmap
> that implements shared map (key/value pair) storage, using any of
> various providers for each map: dbd, dbm, shared memory (w/ cyclic buffer),
> distcache, maybe memcached, etc.


Something I would like to see for a future 2.4 or 3.0 release is to 
achieve the goal of consolidation:

Identify areas of the server where functionality is being reinvented 
over and over, and then create key modules, like mod_shmap and 
mod_session to replace the reinvented functionality.

Then: collapse the repeated code.

The ultimate goal will be a smaller, tighter, but significantly more 
flexible server.


View raw message