Gerald Richter wrote:
>
> > Q1: I want to give user a possibility to access his session data even
> > after browser change etc, so I could check username/password and send
> > him back cookie/url with his old session id. How can this be done in
> > Embperl?
> >
> At the moment I don't see a direct possibility. You could store the usename
> in the session data and iterate over all session to figure out the right
> one, but at the moment Apache::Session/SessionX doesn't have the possibility
> to iterate over all sessions. Also this would be nice to have.
>
> I plan to build to possibility into 1.3.4 to use the username as session id.
> Of course the username must be know to use session data in this case.
I can iterate the username list in the application myself (as a matter
of fact I have a reverse lookup table with user names and user sessions
already for other reasons) but I don't know what to do when I've got the
right session id. I could send the cookie manually but it seems
stupid... Maybe I'm not clear enough, here's the (pseudo)code
[$ if ($udat{username}) $]
Hi, [+ $udat{username} +]
[$ elsif ($fdat{username} || $fdat{password}) $]
[- $session_id = find_session_id($fdat{username}, $fdat{password}) -]
[$ if ($session_id) $]
...
now I know session id and I need to send the sesioon token to the
user's browser
if I send cookie manually, it'll break when I switch to url-rewriting
etc
...
[$ else $]
Invalid username or password
[$ endif $]
[$ endif $]
> > Q2: How can I reuse existing db connection? The Apache::DBI hint
> > doesn't work for me because I can't use Apache::DBI (need to connect to
> > different databases for different virtual hosts). Is there some
> > possibility to set say $HTML::Embperl::...::SessionDBH to my already
> > open dbh? or use some $req_rec->pnotes trick?
> >
> Apache::DBI handles multiple databases (also multiple usernames) correctly.
> So this should work with Apache::DBI
I don't understand. Apache::DBI's persistent connection feature would
lead to several Postgres childs per one Apache child which is clearly
wrong. Are you referring to some other Apache::DBI feature? Looking
right now at the docs but I don't see anything relevant...
> If you want to have different DB's for session handling, then you have a
> problem. Embperl currently only supports one session setup for the whole
> server. You can use different EMBPERL_COOKIE_NAME settings, to make sure
> your different virtual host, doesn't share the same session.
Different virtual host have different session needs. One has a lot of
short-term sessions so I have to remove old ones quite often, another
one have long-term sessions only that should never get removed. I
thought having a DB per virtual host would just be more secure but it's
not critical, I'll just have to be more carefull when coding the delete
subroutine ;-) When I'm thinking about several programmers deleting
their applications' old sessions only... from the same table... someone
is going to make a mistake sonner or later.
On the other hand the virtual hosts that need database AND sessions will
still need to connect twice. If I put a session table to every database
I have both security and performance benefits.
- Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
