Mailing-List: contact modperl-help@apache.org; run by ezmlm
Precedence: bulk
Message-ID: <3D4ABD7E.9090007@elem.com>
Date: Fri, 02 Aug 2002 13:12:30 -0400
From: Perrin Harkins <perrin@elem.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
 rv:1.1a) Gecko/20020611
MIME-Version: 1.0
To: Enrico Sorcinelli <e.sorcinelli@pisa.iol.it>
CC: modperl@perl.apache.org
Subject: Re: [RFC] Apache::SessionManager
References: <20020802165943.3ca21dc4.e.sorcinelli@pisa.iol.it>
	<3D4AA63B.9090906@elem.com>
 <20020802184008.1e8417e1.e.sorcinelli@pisa.iol.it>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Enrico Sorcinelli wrote:
>>Some of the Apache::Auth* modules like Apache::AuthCookieURL are close, 
>>but I don't know of any that do the actual glue with Apache::Session. 
>>You might want to look at some of the existing modules and see if a 
>>merge of some kind is possible.
> 
> This modules haven't glue with Apache::Session

Right, that's my point.  Your module has overlap with them in terms of 
managing cookies and specifying locations, but adds the actual calls to 
Apache::Session.  If I were doing something like this, I would probably 
start with one of the Auth modules, which already do a good job of 
handling things like cookie verification and even cookie-less sessions, 
and add the actual Apache::Session glue.

It might at least be worth stealing some code from the other modules, 
like the ticket-based cookies idea, but of course you can do what you 
like.  I think it's good to have a module like this, and if you put 
yours out there people can contribute to it.  Incidentally there is also 
a session manager module very similar to this in the Extropia modules.

> I've written Apache::SessionManager to be used _also_ in a mod_perl handlers 
> or in a CGI script over Registry.

The Apache::Auth modules also support that.

- Perrin