André Warnier wrote:
Hi gurus.
Do I understand this correctly that if in a Perl Handler i get
my $c = $r->connection();
then $c is the object that represents the persistent TCP/IP connection
between the browser and the server, in case there is "keep-alive" going
on ?
>
Now lets say that I create an authentication method based on the Request
(as they tend to be usually).
On the first request, the authentication happens, and I set a
$c->notes('credentials') value. I also set a browser cookie.
On subsequent requests, I could check this $c->notes('credentials')
first, in case a previous request over the same connection already
resulted in authentication, could I not ?
I just read the docs, and though it doesn't explicitly say that that
that would, or wouldn't work, but the existance of $c->keepalives()
makes me think that it would work. It'd be pretty easy to confirm
though, so i'd suggest you do that.
In the worst case, the connection is new and I would not have these
notes (meaning I then need to get the cookie, and in its absence redo an
authentication); but in the vast majority of cases (depending on
keep-alive), I could save myself some overhead by considering the
connection as authenticated instead of the request, no ?
Or are there some pitfalls here of which I am ignorant ?
Or is the potential gain not worth the cost of getting the $r->connection ?
If you've got a heavily trafficked site, and confirming that your auth
cookies are valid is expensive, then doing something like this could
make sense. How much of an effect it's going to have is something that
would be very dependent on the clients your site has more than anything
though. You'd might want to do some investigation into how much of your
traffic actually comes from from requests through a connection that was
kept-alive by keep-alive.
It is an interesting idea though.
Adam