On Tue, 2004-02-24 at 10:44, Enrico Sorcinelli wrote: > Wrapper or not, I think this is the moment to decide the future of > Apache::Session.
I'm not sure it needs to happen right this minute, but I do have an idea of what I would like to see happen with sessions in the mod_perl world. Apache::Session has been a problem for a long time. Part of it is Jeffrey's unresponsiveness to patches and bug reports, and part of it is the design, with the tied interface, and the save-on-DESTROY, and the mutually-exclusive locking. These have proved to be very problematic for new users, and I think most people would be better served by a simple OO interface with no magic. I haven't looked closely at SessionManager, and I would want to see what Dave has cooked up too, but the kind of thing I was thinking of would split things along these lines: WWW::Session (distribution name) WWW::Session::Glue (subclasses for Apache and CGI, to handle cookie/URL stuff) WWW::Session::Glue::ApacheFilter (mod_perl filter that adds session IDs to all URIs) WWW::Session::KeyGenerator (subclasses for various approaches) This would include handling of an MD5 or SHA1 digest for verifying that the session key was not tampered with. Note that there is no storage class above. I don't think that storage belongs as part of a session module at all, but rather as part of a separate module for working with shared hashes. I'm working on an IPC::SharedHash module which might be able to serve as a basis for this. It's a wrapper around various modules like BerkeleyDB, DBD::MySQL, etc. When Dave puts out his module, maybe we can look over all the session stuff on CPAN and figure out where to go from here. - Perrin -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
