Gerald Richter wrote:
>
> Hi Greg,
>
> >
> > I also hot heard anything back from the poeple I sent a copy to, I can
> > hence only assume that its so good that it's made them speachless ;-)
> >
>
> That's more a matter of time, then a matter of speach...
I am up against a deadline and hence will be a little short - but this
is excellent.
> Greg, I have taken a look at your module and the code and I think it is
> really worth publishing it.
>
> I have three anonations:
>
> 1.)
>
> $r->header_out(Location => $r->uri());
>
> Also this code works with most browsers it doesn't conform to the HTTP
> specs. A location header must include a host part. Shouldn't be to hard add
> something like
>
> $r->header_out(Location => 'http://' . $r -> server -> server_hostname .
> $r->uri());
Seems easy - will add it in.
> 2.) You use global variables for configuration. While this is fast and easy
> your aren't be able to have different configurations for different
> directories or virtual hosts. From my point of view this is a must! I want
> to only run SessionManager for certain directories and are able to use
> different configurations for different applications.
>
> I would highly recomend to use PerlSetVar for configuration.
Ok - will require some changes - will add these.
>
> 3.) You have a hard coded make_session_id function. This function should be
> customable i.e. calling a user defined function which returns a new session
> id and there should be some way to interact with Apache::Session which
> already have a (configurable) class that generates session ids. Before the
> session id is send out to the browser, there must be some way to check if it
> is valid i.e. doesn't already exists, because it can't be (easily) corrected
> afterwards.
I had orgininally though of this, and decided against as this was
simpler.
My orgininal thoughts were to:
a) keep it very small (the whole thing => fast)
b) Keep it very simple
The logic is that this module just gets the session ID and other
handlers / modules authenticate that session ID. If it is wrong then
you need to either change the cookie or redirect to a different ID (if
no cookies are set).
I can see that adding a call back to a user defined subroutine that
returns a Session ID would be possible.
Adding in a link to Apache::Session would also be possible.
As I wrote above I am up against a deadline and will not be able to do
anything till next week - I will impliment the above in the order they
are writen as they are in simplest -> complex ity order.
Thanks Gerald for the feedback above - much appreciated (even if there
are quite a few good ideas that involve changes !)
Thanks again
Greg
>
> Gerald
>
> -------------------------------------------------------------
> Gerald Richter ecos electronic communication services gmbh
> Internetconnect * Webserver/-design/-datenbanken * Consulting
>
> Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
> E-Mail: [EMAIL PROTECTED] Voice: +49 6133 925151
> WWW: http://www.ecos.de Fax: +49 6133 925152
> -------------------------------------------------------------
