Take a look at Apache::Session. No, it's not dependent on mod_perl or Apache. But it IS an excellent system for doing sessions. From your description below, it sounds like you'd use A:S as the backing store (it supports file & DBI stores), and write a module on top that implements the features you mentioned below. It would be easy to do IMHO. HTH.
Drew

On 19 Mar 2002, Wizard wrote:

> Ok, I've never developed a sessioning system
> from scratch, so I have some questions. This
> is what I am doing, and I want to know if
> anyone sees any problems:
>
> User Database:
> 1.> db_name
> 2.> user_name
> 3.> encrypted_password
> 3.> email_address
> 4.> permissions
>
> Sessions Database:
> 1. Session_key
> 2. ip_address (REMOTE_ADDR)
> 3. user_name
> 4. browser string (HTTP_USER_AGENT)
> 5. expires (+20m)
> 6. permissions, db_name, etc.
>
> Process:
> 1.> Check for session
>     <SESSION EXISTS>
>     Is cgi->param( username ) defined?
>     <YES, USER LOGGING-IN AGAIN -> Jump 'Create New Session'>
>     else
>     Is there a session_key available? <YES!>
>     Is there a matching db_record with the same ip_addr (REMOTE_ADDR)? <YES>
>     Has this session expired? <NO>
>     Does user_name_cookie and UserAgent string match the record? <YES>
>     Is the record for the current db_name? <YES>
>     return permissions
>     If any test fails, try 'Create New Session'
> 2.> Create New Session
>     Does cgi->param( user_name ) match a user_db record? <YES>
>     Does the encrypted version of cgi->param( password ) match record? <YES>
>     create session, set cookie, return permissions
>     <NO> return 'PWD_NO_MATCH' error
>     <NO> Create an anonymous user record, set cookie, return low-privileges
>     Any failures return a warning, error, or undef, depending on severity.
>
> Does this look right? Any help is appreciated,
> Grant M.
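
The "Check for session" and "Create New Session" steps from the quoted post, written out as an added example that is not part of either message. Assumptions: an in-memory hash stands in for the session store (Apache::Session or a DBI table in practice), `/dev/urandom` is available for key generation, the password check has already succeeded before `create_session` is called, and all function and field names are hypothetical.

```perl
use strict;
use warnings;

my $TTL = 20 * 60;   # "expires (+20m)" from the Sessions table in the post
my %sessions;        # constructed in-memory stand-in for the session store

# Session key: 16 bytes from the OS random source, hex-encoded.
sub new_session_key {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# "Create New Session", called only after the password check has passed.
sub create_session {
    my (%a) = @_;    # user_name, db_name, permissions, ip, agent, now
    my $key = new_session_key();
    $sessions{$key} = { %a, expires => $a{now} + $TTL };
    return $key;
}

# "Check for session": every test must pass; otherwise return undef so the
# caller falls through to "Create New Session".
sub check_session {
    my (%a) = @_;    # key, user_name, db_name, ip, agent, now
    my $s = defined $a{key} ? $sessions{ $a{key} } : undef;
    return unless $s;
    if ($a{now} >= $s->{expires}) {
        delete $sessions{ $a{key} };    # expired records are removed
        return;
    }
    for my $f (qw(ip user_name agent db_name)) {
        return unless defined $a{$f} && $a{$f} eq $s->{$f};
    }
    return $s->{permissions};
}

# Constructed sample values for one client.
my %req = (user_name => 'grant', db_name => 'demo', ip => '192.0.2.10',
           agent => 'Mozilla/4.0', now => time);
my $key = create_session(%req, permissions => 'rw');
printf "%-13s %s\n", @$_ for (
    [ 'same client',  check_session(%req, key => $key) // 'rejected' ],
    [ 'other ip',     check_session(%req, key => $key, ip => '192.0.2.99') // 'rejected' ],
    [ 'after 21 min', check_session(%req, key => $key, now => $req{now} + 21 * 60) // 'rejected' ],
);
```

The session key is the only secret in this scheme; the IP address and User-Agent comparisons are extra consistency checks on top of it, since both values are visible to, or set by, the client side.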
