> Just to let anyone who was wondering (and for the benefit of the archives), > I ended up ditching sessions all together. Instead, I'm using > Apache::AuthDBI to do authentication, and am making calls directly to my > database server to maintain state. Its not the most pleasant way of > maintaining state, but at least it works.
Then this won't be much help to you anymore, but here are a couple of things that could have been happening: - Not getting the cookies sent from all frames. You may have a race condition involving when the cookie gets storeed and when other frames send their requests. - Not using the locking API correctly. You didn't post any code, but the locking options for Apache::Session sometimes trip people up and you may have had a misconfiguration of some kind. Anyway, there's nothing wrong with writing directly to the database. Apache::Session is just a convenient hash interface on top of that. - Perrin