Nicolas Lehuen wrote:
+1 for PythonOption session_<variable> <value>
Unless choosing a specificc configuration directive has something to
do with security (i.e. no overloading of the settings in .htaccess
files) ?
Not currently - it's just a cut and paste of directive_PythonOption
after all. However, a few weeks ago when we first discussed
req_get_session, one of the motivations was to give the apache server
admin more control over the session handling. So maybe we do need to
look at this from security perspective?
Jim
Regards,
Nicolas
2005/6/15, Nick <[EMAIL PROTECTED]>:
Jim Gallacher wrote:
Just so I'm *really* clear, do you mean the current scheme for session
handling would also be disabled?
The more I think about it, you're right; you can just set up the session
stuff without directives just the same by importing mod_python.Session and
going from there. So that line of reasoning has no merit.
I was confused by the adding of a new directive, which seems to indicate
that there would be some "default" Session handler being loaded if you
didn't specify one using the directive. Because in the old scheme there
wasn't really any "default" session handling, unless you outright imported
the libary and started using it. If it's going to work exactly the same way
as it did before, except now you can configure some defaults in the apache
config, then I'm probably worried over nothing. But it probably should have
an option for "None" or "disabled," which would be the default, meaning I
don't care to use the supplied session handlers, even though it didn't
really do anything extra than it does now.
But in that case, why not use "PythonOption session_<config_var> <value>",
which is probably what you were asking about in the first place, which I
think someone else mentioned as well. That doesn't imply that there is some
kind of default session handling, just the standard way of passing values
from the apache config to python code. If the plan is to implement a pure C
session handler, then PythonSessionOption makes sense, but otherwise it
doesn't seem necessary.
Nick
