Dear All
I'm writing a Session-Manager (transhandler) i.e deals with getting a
session id from cookies, uri, or query args, and sets one and redirects
if neccessary. This is meant to compliment Apache::Session - in that
you use Apache::Session to store your session data.
Thanks to Mat and Eric (for the addhandler issue yesterday) I can:
- get a session from cookies, query args or via URI rewriting
- change the order of the last two (i.e look in uri first, query args
secound, or args first, uri secound).
- Only look in cookies, or args or uri.
- redirect if needed to set a session if none is found(default to one -
configurable to off) .
- match a uri to "session" i.e session-ing can be switched off for
certain uri's.
- store the session id / whether cookies are on / off in either pnotes
or $ENV{}
- debugging can be set for copious info on whats going on.
- Note there is no validation of the session - this just fetches the
session id, validating is up to other handlers.
- I'm adding in a check_cookie funtionality that will try to set a
cookie and then redirect to itself with a check in the URI, if no
session is found.
- lots of bonus unexplained funtionality .... aka bugs I'v not found or
fixed.
Much of the code is a rehash of the examples in Apache Modules in Perl &
C.
Now I want to deal with out-bound content/session ids - obviously
cookies are easy as these could just be set in the transhandler and a
ref placed in pnotes (and $ENV although I'm not sure on this bit as I've
not tried it).
But what to do with args or uri sessioning ?
If relative urls are used the session appears to be preserved in
netscape between different uri's (if using uri's). This means I can do
reasonable transparent session handling with Cookies or URI mangling
(ignoring session id leakage at this point). This works quite well (I
happy with it!).
Adding to the args of links is a different question - any one any clues
?
I will either have to say that adding a session to your links if cookies
are off is your issue within your content handler, or find a way of
manipulating them - anyone any ideas ?
If anyone wants a peek I can send them the code or post it here if
there'ss demand. Its my secound stab, and the logic/ style / efficiency
may leave something to be desired - constructive flames welcome!
The main aim/motivation is for a very simple ecommerce thing where
sessions are vital - and offsite/exterior links are few and exit points
want to be tracked - hence URI rewriting is acceptable and a redirector
is handy. Transparent session handling is a "nice" design goal.
I may also throw in a redirector that will strip session args (if I can
get $r->args(undef) to work ....) and/or uri's (which can help with exit
tracking etc ...) before redirecting to the link to help with session
leaks.
Greg
