On Wed, 4 Oct 2000 [EMAIL PROTECTED] wrote:

> I have an authentication scheme which checks every request for a valid
> cookie, and if your session has timed out redirects to a login page. After
> logging in, the request is resubmitted as a GET. This works great except
> when the original post is large--the redirect URL gets way too long (10K
> or more).
> 
> I was thinking about saving the posted data to a temporary file and
> reading it back in after the login succeeds, but this seems messy and
> error-prone. Has anyone else had this problem? Are there any modules
> (maybe session mgmt stuff?) that could be easily adapted to handle this?

Writing to the FS is IMHO very dangerous when you are under heavy
traffic.  You end up with lots of file locking issues and such.  Here is a
very simple solution.  Upon authentication store the session and all info
in the db.  Cook up a unique MD5 on the userID / login time and use that
as the primary key. 

Use Storable to freeze complex data structures and unthaw them when the
session is restored.

/* begin pseudo code */

sub new {
  # duh
}

sub createSession {
   # create md5 checksum using login time
   # insert into a sessions table
}

sub restoreSession {
   # get session from post or get
   # select session from db
   # thaw the storable
}

sub updateSession {
  # duh
}

sub destroySession {
  # delete session or mark for deletion
}
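
The scheme described above, as an added example that is not part of the original message: the large POST is frozen server-side and only a short key travels through the login redirect. Assumptions: the hash %sessions stands in for the sessions table, the key is 16 random bytes from /dev/urandom in hex rather than an MD5 of the user ID and login time (so it cannot be predicted), and the 15-minute lifetime, the sub names and the /login?resume= URL are hypothetical.

```perl
use strict;
use warnings;
use Storable qw(nfreeze thaw);

my %sessions;         # stand-in for the sessions table (assumption): key => row
my $TTL = 15 * 60;    # assumed lifetime of a stashed request, in seconds

# Primary key: 16 bytes from the kernel CSPRNG, hex-encoded (32 characters).
sub new_key {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    my $got = read($fh, my $buf, 16);
    die "short read from urandom" unless defined $got && $got == 16;
    close($fh);
    return unpack('H*', $buf);
}

# createSession: freeze the POST parameters and store them under a new key.
sub create_session {
    my ($params) = @_;
    my $key = new_key();
    $sessions{$key} = { data => nfreeze($params), expires => time() + $TTL };
    return $key;
}

# restoreSession: accept only a well-formed, unexpired key, thaw only data
# this server froze itself, and delete the row so the key works once.
sub restore_session {
    my ($key) = @_;
    return unless defined $key && $key =~ /\A[0-9a-f]{32}\z/;
    my $row = delete $sessions{$key} or return;
    return if $row->{expires} < time();
    return thaw($row->{data});
}

# Constructed sample: a 10K POST arriving after the login cookie timed out.
my %post = (title => 'Quarterly report', body => 'x' x 10_240);
my $key  = create_session(\%post);
my $url  = "/login?resume=$key";    # hypothetical login URL and parameter
printf("redirect is %d bytes for a %d byte body\n", length($url), length($post{body}));

my $again = restore_session($key);  # called once the login has succeeded
print "restored body intact\n" if $again && $again->{body} eq $post{body};
print "key is single use\n" unless defined restore_session($key);
```

Because the frozen blob never leaves the server, thaw only ever sees data the application froze itself; the client holds nothing but the key.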
