Well, not all session managers are 'created equal' in some respects. If you always just do cookie based sessions then I pretty much agree, Apache::Session:Flex with whatever little plugin/handler glue you want to use to do setup and teardown is fine and we have already a few more modules that do it than we REALLY need...
Then again, other possibilities for session management exist... URL based for instance (which is where you get into stuff like JW's modules which can at least theoretically be made to do sessions via URL). Other possibilities exist as well like 'basic auth' sessions. Factoring the API away from XSP IMHO is more likely to work in more places, albeit not always 100% transparently. Now, auth/authz is where perhaps some nice work could go on. 1st problem there is to abstract out the differences between security models. For example some applications are role-based, others use a simple flat model or ACL based authz. On Wednesday 07 January 2004 10:57 am, Sean Evans wrote: > I'd like to smell that "fresh new lemon scent." ;-) > > From the perspective of this AxKit user, the specific session > implementation is fairly irrelevant. I mean, they're all derived from the > same source, more or less, and the small feature differences between them > aren't enough to really distinguish one from another (for me, anyways). > What counts most for me is how easy they install, and how quickly I can > forget they exist, thereby getting my job done. Let's pick one > implementation and make certain that it installs easily with a modicum of > gotchas. > > -- > Sean Evans > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Tod Harter Giant Electronic Brain http://www.giantelectronicbrain.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]