httpd-modules-dev mailing list archives

From j..@joe-lewis.com
Subject Re: maintaining sessions among multiple processes
Date Sat, 03 Oct 2009 16:31:02 GMT
> On Fri, Oct 2, 2009 at 2:16 PM, Nick Kew <niq@apache.org> wrote:
>>> i'm using apache 2.2 mpm-worker and have noticed that incoming
>>> requests are dispatched to apache processes in a way that makes it
>>> hard for me to maintain sessions in my module. i'm using the user
>>> field of the request_rec as session key
>>
>> Huh?  The request_rec has the lifetime of a request.  Nothing on
>> it will preserve a session across requests.
>
> i agree, but if the application has one session per user and all users
> are authenticated, then the user field of the request rec works fine
> as session token
>

Most session management is implemented in a higher layer (the application
such as PHP or Java's Hibernate).  It is possible and has been
implemented.

Under the caveats you later write, using r->user is not fine for a session
token.  Until the user has authenticated, that data wouldn't be available
in the authenticated session.  You would have to use cookies as session
managers.  Apache 2.3 has mod_session.  You might want to take a look at
the code.

If you must reinvent the wheel, it may be simpler to use mod_unique_id. 
Since mod_unique_id generates a different ID for each request (not across
all requests by the same session), you would check to see if the browser
cookie is there, and if not, copy it from mod_unique_id for your session
key, and send the cookie to the browser.  Your session will have been
started, and the cookie will be available across all subsequent requests,
giving you what you need.  Your Apache source components used are
r->headers_in and r->headers_out.

Joe
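
The cookie check described in the message above, as an added example that is not part of the original message or of Apache's code: plain C that a module hook could call with the Cookie value from r->headers_in and the UNIQUE_ID variable that mod_unique_id places in r->subprocess_env. The cookie name SESSIONID, the function names, the length bound and the cookie attributes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SESSION_COOKIE "SESSIONID"  /* hypothetical cookie name */
#define MAX_ID_LEN 32               /* assumed bound on the id length */
#define ID_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789@-"

/* The cookie is client-controlled: accept only mod_unique_id's alphabet. */
static int valid_id(const char *s, size_t n) {
    return n > 0 && n <= MAX_ID_LEN && strspn(s, ID_CHARS) >= n;
}

/* Locate SESSION_COOKIE's value inside a Cookie header; NULL if absent. */
static const char *find_cookie(const char *hdr, size_t *len) {
    size_t nlen = strlen(SESSION_COOKIE);
    while (hdr && *hdr) {
        hdr += strspn(hdr, " ;");            /* skip separators */
        size_t pair = strcspn(hdr, ";");     /* length of this name=value pair */
        if (pair > nlen && !strncmp(hdr, SESSION_COOKIE, nlen) && hdr[nlen] == '=') {
            *len = pair - nlen - 1;
            return hdr + nlen + 1;
        }
        hdr += pair;
    }
    return NULL;
}

/* cookie_hdr: "Cookie" value from r->headers_in (may be NULL).
 * unique_id:  UNIQUE_ID from r->subprocess_env. sid needs MAX_ID_LEN + 1 bytes.
 * Returns 0 = existing session reused, 1 = new session started (send
 * set_cookie as "Set-Cookie" via r->headers_out), -1 = no usable id. */
int resolve_session(const char *cookie_hdr, const char *unique_id,
                    char *sid, char *set_cookie, size_t scsz) {
    size_t len = 0;
    const char *v = find_cookie(cookie_hdr, &len);
    if (v && valid_id(v, len)) {             /* reuse a well-formed cookie */
        memcpy(sid, v, len);
        sid[len] = '\0';
        set_cookie[0] = '\0';
        return 0;
    }
    if (!unique_id || !valid_id(unique_id, strlen(unique_id)))
        return -1;
    strcpy(sid, unique_id);                  /* missing or malformed: start fresh */
    snprintf(set_cookie, scsz, SESSION_COOKIE "=%s; Path=/; HttpOnly", sid);
    return 1;
}
```

mod_unique_id is designed for uniqueness rather than unpredictability, so where the session gates access the same flow should issue a random token instead of copying UNIQUE_ID.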

