Hello all, I'm having something of a disconnect in my brain because I've absorbed a lot of mod_perl info in a very short period of time, so bear with me. =)
Last week, I figured out how to use Apache::Session::File and got it working nicely. This week, I've figured out how to use Apache::AuthCookieDBI and also got it working nicely. Now to figure out how to make them play nicely together. :-) I think I'm getting confused because there's two different concepts of 'session' at work here. The AuthCookie concept of a session is tracking multiple page hits from an authenticated user - sessions as a security device. The Apache::Session concept of sessions is to pass data from request to request - state maintenance. (Correct me if I'm wrong) It would seem that I would want to use the key generated / returned-via-cookie in the AuthCookie processing to be used as the key to create/access the Apache::Session session. I imagine this is a pretty common task. My question is this: how do I make this connection? Do I store the key away in the Authen/Authz phases with pnotes() and then get it in the content generation phase when I'm getting/setting data into the Apache::Session object? Do I subclass further from AuthCookieDBI and provide hooks in the authorize() method to create an Apache::Session object at that time using the AuthCookie key? I'm just a tad confused, being a first-timer. =) The big picture is simple: I want to know what user is logged in and make sure his session is valid, and I want to store user preferences in his session so that I know how to customize his interface. You know, maybe we have a user_preferences table in the database, and upon successful login, I want to set up an Apache::Session object to figure out things like what color scheme this user wants and what region of the country he's in so I can present region-specific data. How do I approach this task? Thanks, Fran
