Dear All I'm writing a Session-Manager (transhandler) i.e deals with getting a session id from cookies, uri, or query args, and sets one and redirects if neccessary. This is meant to compliment Apache::Session - in that you use Apache::Session to store your session data. Thanks to Mat and Eric (for the addhandler issue yesterday) I can: - get a session from cookies, query args or via URI rewriting - change the order of the last two (i.e look in uri first, query args secound, or args first, uri secound). - Only look in cookies, or args or uri. - redirect if needed to set a session if none is found(default to one - configurable to off) . - match a uri to "session" i.e session-ing can be switched off for certain uri's. - store the session id / whether cookies are on / off in either pnotes or $ENV{} - debugging can be set for copious info on whats going on. - Note there is no validation of the session - this just fetches the session id, validating is up to other handlers. - I'm adding in a check_cookie funtionality that will try to set a cookie and then redirect to itself with a check in the URI, if no session is found. - lots of bonus unexplained funtionality .... aka bugs I'v not found or fixed. Much of the code is a rehash of the examples in Apache Modules in Perl & C. Now I want to deal with out-bound content/session ids - obviously cookies are easy as these could just be set in the transhandler and a ref placed in pnotes (and $ENV although I'm not sure on this bit as I've not tried it). But what to do with args or uri sessioning ? If relative urls are used the session appears to be preserved in netscape between different uri's (if using uri's). This means I can do reasonable transparent session handling with Cookies or URI mangling (ignoring session id leakage at this point). This works quite well (I happy with it!). Adding to the args of links is a different question - any one any clues ? I will either have to say that adding a session to your links if cookies are off is your issue within your content handler, or find a way of manipulating them - anyone any ideas ? If anyone wants a peek I can send them the code or post it here if there'ss demand. Its my secound stab, and the logic/ style / efficiency may leave something to be desired - constructive flames welcome! The main aim/motivation is for a very simple ecommerce thing where sessions are vital - and offsite/exterior links are few and exit points want to be tracked - hence URI rewriting is acceptable and a redirector is handy. Transparent session handling is a "nice" design goal. I may also throw in a redirector that will strip session args (if I can get $r->args(undef) to work ....) and/or uri's (which can help with exit tracking etc ...) before redirecting to the link to help with session leaks. Greg