On 15 May 2011, at 1:46 AM, William A. Rowe Jr. wrote:

No argument, but there are 1) minor quibbles with the apr-2 interface, and 2) some significant work to replace the original with the new interface, and not sure who has cycles to attack this in the near term. If it is fixed, re-adding mod_session during 2.4.x cycle would be relatively painless, no?

The only module affected is mod_session_crypto.c, I'm not sure how the scope has expanded to cover mod_session*.

Taking out mod_session* would also mean taking out mod_auth_form, which in turn would be a lot of work, and would take out a major new feature of v2.4. It would be a far better use of our time just taking out mod_session_crypto.c if it had to come down to it.

Full docs are here:

http://httpd.apache.org/docs/trunk/mod/mod_auth_form.html
http://httpd.apache.org/docs/trunk/mod/mod_session.html
http://httpd.apache.org/docs/trunk/mod/mod_session_cookie.html
http://httpd.apache.org/docs/trunk/mod/mod_session_dbd.html
http://httpd.apache.org/docs/trunk/mod/mod_session_crypto.html

Regards,
Graham
--

Reply via email to