perl-modperl mailing list archives

From Douglas Sims
Subject adding session id to entries in access log
Date Fri, 02 Oct 2009 06:21:46 GMT
We've just launched the first mod_perl site I've ever designed.  It's all
going very well so far but I'm sure there are some things worth improving.
I wonder if anyone might have suggestions about this scenario:

I want to add the session id to the access log entries.  This example: shows
how to write to a different logfile but I want to write to whatever would be
the normal access log for whatever VirtualHost it's in.  We've only got a
PerlResponseHandler now but I think this should probably go in a
PerlLogHandler.  What's the best way to go about this?

We're very interested in tracking long-term user browsing behavior and so we
set one persistent cookie with a session key at each request if there's no
cookie or if the existing cookie is obsolete (user logged in, logged out,
more than 1 hour since last access, 12 since last visit, IP changed, or user
agent changed.)  If, when a new session id is created, there is an existing
(but obsolete) session cookie then the obsolete one is stored in the
sessions table as the previous session key.

I've tried to follow the philosophy that Randal Schwartz described in a
recent thread here - a cookie is just a serial number for a browser.  By
rotating the cookies often we're hoping to avoid problems with stolen or
leaked sessions and by storing the previous session id (if there is one)
with every new session we're planning to be able to build a linked list of
session activity which we can correlate with specific users who log in at
any part of that linked list.

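One way to get a session reference into each VirtualHost's normal access log, as an added example that is not part of the original message: store it in a request note and let mod_log_config print it with `%{name}n`, so no separate log file is written. The module name `My::SessionNote`, the cookie name `sid`, the note names and the log key are assumptions, and logging a keyed digest rather than the raw session key is this example's choice so that the log does not hold usable cookies.

```perl
package My::SessionNote;    # hypothetical module name
use strict;
use warnings;

use Apache2::RequestRec ();    # $r->notes, $r->headers_in
use APR::Table ();             # get/set on those tables
use Apache2::Const -compile => qw(OK);
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: the cookie is named "sid", and LOG_KEY is a server-side
# secret that would be loaded from configuration rather than hard-coded.
my $COOKIE  = 'sid';
my $LOG_KEY = 'replace-with-secret-from-config';

# Keyed digest of a session key: stable, so log lines can be joined to the
# sessions table, but not replayable as a cookie by someone reading the log.
sub log_ref {
    my ($session_key) = @_;
    return substr(hmac_sha256_hex($session_key, $LOG_KEY), 0, 16);
}

# PerlFixupHandler: note the session the browser presented, so requests
# that never reach the response handler still carry it in the log.
sub handler {
    my $r = shift;
    my $cookies = $r->headers_in->get('Cookie') || '';
    if ($cookies =~ /(?:^|;\s*)\Q$COOKIE\E=([^;\s]+)/) {
        $r->notes->set(session_ref => log_ref($1));
    }
    return Apache2::Const::OK;
}

# Call from the existing PerlResponseHandler when it rotates the cookie:
# the new key replaces the note and the obsolete key is logged beside it,
# which puts the previous-session link into the log line as well.
sub note_rotation {
    my ($r, $new_key, $old_key) = @_;
    $r->notes->set(session_ref => log_ref($new_key));
    $r->notes->set(prev_session_ref => log_ref($old_key)) if defined $old_key;
    return;
}

1;

# httpd.conf (mod_log_config prints "-" for a note that was never set):
#   PerlFixupHandler My::SessionNote
#   LogFormat "%h %l %u %t \"%r\" %>s %b %{session_ref}n %{prev_session_ref}n" session
#   CustomLog logs/access_log session    # one per VirtualHost, own file
```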