I'm a complete newbie to mod_perl, and after reading the following 
documentation:

http://perl.apache.org/docs/1.0/guide/porting.html

I am scared witless by the fact that many variables don't get reinitialized 
between calls to the CGI scripts.

Particularly scary is the example provided on that page, where the 
authentication status is stored in a global variable that doesn't get 
reinitialized. In that example, if Joe logs into the system, and Jane then runs 
the script, she can get access to the system also without ever logging in, 
because Joe's authentication status is still there. YIKES!

The document says that this kind of problem can easily be avoided by putting 
all of the functionality into packages, and having the scripts do little more 
than load a package and invoke a run() method or something.

But I'm not convinced, because package variables are not reinitialized either!

For example, suppose I have a script login.cgi, which does something like this:

----
use Login;
Login::run();
----

And suppose that a package variable $Login::credentials is used to store the 
user's credentials (instead of passing them around from function to function 
inside the package). In that situation, you could also end up with the same 
problem, because $Login::credentials does not get reinitialized between 
invocations of the script.

Fortunately for me and my team, we mostly use an object oriented approach, and 
we would never implement the login in that way. Instead, we would have a class 
Login, and the credentials would be an instance variable of the Login class. 
Since instance variables are necessarily reinitialized upon construction, the 
credentials would not be carried over from script invocation to script 
invocation.

But... we don't have control over how third party modules were implemented, and 
we use A LOT OF THEM. So I am still very concerned about that, because we could 
end up using a third party module that makes use of package variables in a way 
that is not mod_perl friendly.

Even with our object oriented approach, there are cases where we still use 
package variables to store a single instance of a class object that:


- Is expensive to instantiate
- Never needs to have more than one instance in the system


In other words, in some limited cases, we use package variables to implement 
the Singleton design pattern. In those situations, our Singleton would not get 
reinitialized between script invocations.

Am I being too conservative here, or am I right to be that nervous?

What precautions can we take to prevent this sort of thing from happening?

Thx.

Alain



Alain Désilets
Agent de recherche | Research Officer
Institut de technologie de l'information | Institute for Information Technology 
Conseil national de recherches du Canada | National Research Council of Canada
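
The following is an added example, not part of the original post or of the mod_perl guide: it simulates two requests served by one long-lived interpreter, showing the package-variable carry-over the post describes next to per-request object state and a `local` wrapper for code that cannot be refactored. The module names `LeakyLogin` and `ScopedLogin`, the request hashes and the password value are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed simulation: one process handles both requests, the way a
# mod_perl child keeps compiled packages (and their variables) alive.

package LeakyLogin;      # hypothetical module keeping state in a package variable
our $credentials;        # survives from one request to the next

sub run {
    my (%req) = @_;
    # Set on successful login, never cleared on a failed or missing one.
    $credentials = $req{user} if ($req{password} // '') eq 'secret';
    return defined $credentials ? "welcome $credentials" : 'denied';
}

package ScopedLogin;     # same logic, state held in a per-request object

sub new { my ($class) = @_; return bless { credentials => undef }, $class }

sub run {
    my ($self, %req) = @_;
    $self->{credentials} = $req{user} if ($req{password} // '') eq 'secret';
    return defined $self->{credentials} ? "welcome $self->{credentials}" : 'denied';
}

package main;

my @requests = (
    { user => 'joe',  password => 'secret' },   # Joe logs in (constructed input)
    { user => 'jane' },                         # Jane sends no password
);

for my $req (@requests) {
    printf "%-4s leaky:  %s\n", $req->{user}, LeakyLogin::run(%$req);
    printf "%-4s scoped: %s\n", $req->{user}, ScopedLogin->new->run(%$req);
}

# Code whose package variable cannot be refactored can be wrapped instead:
# local() gives the variable a fresh undef value for the duration of the
# block and restores the previous value when the block exits.
for my $req (@requests) {
    local $LeakyLogin::credentials;
    printf "%-4s local:  %s\n", $req->{user}, LeakyLogin::run(%$req);
}
```

Running it under plain `perl` is enough to see the difference; the singleton case from the post behaves like `LeakyLogin` whenever the shared instance holds per-user data.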
