Re: [RFC] Apache::SessionManager
On Friday, August 2, 2002, at 05:40 PM, Enrico Sorcinelli wrote: > The only way that I know to have a session framework is to use mod_perl > application server like AxKit, HTML::Mason or Apache::ASP ... > Actually the AxKit one doesn't require AxKit - but it ships with an XSP taglib to access the values easily, that's all. Matt.
Re: [RFC] Apache::SessionManager
Enrico Sorcinelli wrote: >>Incidentally there is also >>a session manager module very similar to this in the Extropia modules. > > > Sincerely, I don't know Extropia modules! You can find some documentation on them here: http://www.extropia.com/support/docs/adt/customization.html#Session_and_Session_Manager_Conf They're not on CPAN, so I'm not surprised you didn't see them. - Perrin
Re: [RFC] Apache::SessionManager
On Fri, 02 Aug 2002 13:12:30 -0400 Perrin Harkins <[EMAIL PROTECTED]> wrote: > Right, that's my point. Your module has overlap with them in terms of > managing cookies and specifying locations, but adds the actual calls to > Apache::Session. If I were doing something like this, I would probably > start with one of the Auth modules, which already do a good job of > handling things like cookie verification and even cookie-less sessions, > and add the actual Apache::Session glue. The merge code solution is a possible solution that I'll consider > It might at least be worth stealing some code from the other modules, > like the ticket-based cookies idea, but of course you can do what you > like. I think it's good to have a module like this, and if you put > yours out there people can contribute to it. Thanks, I'll do it as soon as possible... > Incidentally there is also > a session manager module very similar to this in the Extropia modules. Sincerely, I don't know Extropia modules! > > > I've written Apache::SessionManager to be used _also_ in a mod_perl handlers > > > > or in a CGI script over Registry. > > The Apache::Auth modules also support that. The Apache::Auth* family support authentication with cookies but there aren't methods to store persistent data over HTTP requests (other than session key) Apache::SessionManager only manage sessions and actually you can write a custom PerlAuthenHandler to autohorize user accesses to certain resources Bye - Enrico = Enrico Sorcinelli - Gruppo E-Comm Italia On Line S.p.a. E-Mail: [EMAIL PROTECTED]
Re: [RFC] Apache::SessionManager
Enrico Sorcinelli wrote: >>Some of the Apache::Auth* modules like Apache::AuthCookieURL are close, >>but I don't know of any that do the actual glue with Apache::Session. >>You might want to look at some of the existing modules and see if a >>merge of some kind is possible. > > This modules haven't glue with Apache::Session Right, that's my point. Your module has overlap with them in terms of managing cookies and specifying locations, but adds the actual calls to Apache::Session. If I were doing something like this, I would probably start with one of the Auth modules, which already do a good job of handling things like cookie verification and even cookie-less sessions, and add the actual Apache::Session glue. It might at least be worth stealing some code from the other modules, like the ticket-based cookies idea, but of course you can do what you like. I think it's good to have a module like this, and if you put yours out there people can contribute to it. Incidentally there is also a session manager module very similar to this in the Extropia modules. > I've written Apache::SessionManager to be used _also_ in a mod_perl handlers > or in a CGI script over Registry. The Apache::Auth modules also support that. - Perrin
Re: [RFC] Apache::SessionManager
On Fri, 2 Aug 2002 16:31:04 +0100 (BST) Matt Sergeant <[EMAIL PROTECTED]> wrote: > There's the AxKit one, which does something pretty similar - > AxKit::XSP::Session I think it's called. It seems to be two modules that manage sessions over AxKit: Apache::AxKit::Plugin::Session (flexible session management for AxKit) and AxKit::XSP::Session but both requires AxKit framework (and Apache::Session, of course) The main reason for which I've written Apache::SessionManager is that only mod_perl is required (and Apache::Session, ;-)) I consider AxKit a powerful appserver (that I've used in the past) but for some applications I only had need of simple mod_perl handlers Thanks - Enrico = Enrico Sorcinelli - Gruppo E-Comm Italia On Line S.p.a. E-Mail: [EMAIL PROTECTED]
Re: [RFC] Apache::SessionManager
On Fri, 02 Aug 2002 11:33:15 -0400 Perrin Harkins <[EMAIL PROTECTED]> wrote: > Enrico Sorcinelli wrote: > > Apache::SessionManager creates an object session (in Header parsing phase, > > but not obligatorily) and make it available to all other handlers > > transparently by putting in pnotes. Others handlers can retrieve session > > directly from pnotes or by calling the simple function > > Apache::SessionManager::get_session($r) > > It would be better if you don't instantiate the session until someone > asks for it the first time. >That will prevent unnecessary work. Also, > when using Apache::Session with any locking module except NullLocker, > it's very important to have the session object exist for the shortest > possible time because it is locking out all other access to that session > while it exists. (For this reason, it's also very important to make > sure that requests for images and other static objects don't instantiate > Apache::Session objects.) > With Apache::SessionManager you can use tree distinct mechanism to prevent this: 1) By activating the module only certain Location or Directory block: PerlHeaderParserHandler Apache::SessionManager PerlSetVar SessionTracking On 2) By setting 'SessionItemExclude' directive to bypass all request matching the regexp. For example with: PerlSetVar SessionItemExclude "\.m.*$" all the request (URI) ending by ".mpeg", ".mpg" or ".mp3" will be declined (no session object are created) 3) By de-activating the module in Location or Directory block: PerlSetVar SessionTracking Off > Some of the Apache::Auth* modules like Apache::AuthCookieURL are close, > but I don't know of any that do the actual glue with Apache::Session. > You might want to look at some of the existing modules and see if a > merge of some kind is possible. > This modules haven't glue with Apache::Session The only way that I know to have a session framework is to use mod_perl application server like AxKit, HTML::Mason or Apache::ASP ... I've written Apache::SessionManager to be used _also_ in a mod_perl handlers or in a CGI script over Registry. Thanks for your interest - Enrico = Enrico Sorcinelli - Gruppo E-Comm Italia On Line S.p.a. Via Malagoli, 12 - 56124 Pisa Tel. +39 050 944303 E-Mail: [EMAIL PROTECTED]
Re: [RFC] Apache::SessionManager
On Fri, 02 Aug 2002 23:56:18 +0900 Tatsuhiko Miyagawa <[EMAIL PROTECTED]> wrote: > Apache::SessionManager has once been discussed here. > AFAIK it's not on CPAN though .. > http://mathforum.org/epigone/modperl/clarcloigol > Hi Tatsuhiko, I'am in modperl list from beginnig of 2001. The thread you've linked me is out of date (October 2000!). Moreover in CPAN there is no module with the same name. Simply I've not found it and I've chose this name! Yes, there is a conflictual namespacing but the two modules make _two_ different things! - Apache::SessionManager that I propose is a wrapper around the Apache::Session persistence framework for session data. My module use pnotes()to pass arbitrarly data across handlers and has a expiration session mechanism. I make this for transparent session management while write my modules using Apache::Session. - After some search I've found the other (I think) module on sourceforge but last update is out of date (2000-10-29 16:00)! After some analisys I've seen that the other module hasn't support for persistence data and has own ID generation algorythm. There is no glue with Apache::Session. This store only session value into notes(). Bye - Enrico = Enrico Sorcinelli - Gruppo E-Comm Italia On Line S.p.a. Via Malagoli, 12 - 56124 Pisa Tel. +39 050 944303 E-Mail: [EMAIL PROTECTED]
Re: [RFC] Apache::SessionManager
Enrico Sorcinelli wrote: > Apache::SessionManager creates an object session (in Header parsing phase, > but not obligatorily) and make it available to all other handlers > transparently by putting in pnotes. Others handlers can retrieve session > directly from pnotes or by calling the simple function > Apache::SessionManager::get_session($r) It would be better if you don't instantiate the session until someone asks for it the first time. That will prevent unnecessary work. Also, when using Apache::Session with any locking module except NullLocker, it's very important to have the session object exist for the shortest possible time because it is locking out all other access to that session while it exists. (For this reason, it's also very important to make sure that requests for images and other static objects don't instantiate Apache::Session objects.) > After some search on CPAN I haven't found a mod_perl module that does > the same thing (right?). Some of the Apache::Auth* modules like Apache::AuthCookieURL are close, but I don't know of any that do the actual glue with Apache::Session. You might want to look at some of the existing modules and see if a merge of some kind is possible. - Perrin
Re: [RFC] Apache::SessionManager
There's the AxKit one, which does something pretty similar - AxKit::XSP::Session I think it's called. On Fri, 2 Aug 2002, Enrico Sorcinelli wrote: > Hi all, > > I would like to propose a new Apache module before I send it off to > CPAN. The namespace I've chosen is Apache::SessionManager. > > This module is a an Apache/mod_perl module and use Apache::Session to > track user's sessions over HTTP request. > Simply Apache::SessionManager help me with session management. > > Apache::SessionManager creates an object session (in Header parsing phase, > but not obligatorily) and make it available to all other handlers > transparently by putting in pnotes. Others handlers can retrieve session > directly from pnotes or by calling the simple function > Apache::SessionManager::get_session($r) > > After some search on CPAN I haven't found a mod_perl module that does > the same thing (right?). > The module is work in progress, of course, even if already I use it. -- <:->Get a smart net
Re: [RFC] Apache::SessionManager
Apache::SessionManager has once been discussed here. AFAIK it's not on CPAN though .. http://mathforum.org/epigone/modperl/clarcloigol At Fri, 2 Aug 2002 16:59:43 +0200, Enrico Sorcinelli wrote: > > After some search on CPAN I haven't found a mod_perl module that does > the same thing (right?). > The module is work in progress, of course, even if already I use it. -- Tatsuhiko Miyagawa <[EMAIL PROTECTED]>
