Hello mod_perl users,

I am developing a mod_perl module (MyModule) to manage
sessions/authentication.
This module:
     - uses Apache::Session to store session-related information
     - is cookie-based
     - manages session inactivity

This module could be used in the following example.

<Location /protected_url>
PerlAuthenHandler MyModule
AuthType Basic
AuthBasicProvider ...
require valid-user
PerlFixupHandler MyModule->cookie_create_refresh
</Location>

If the request has no cookie, then basic authentication is required.
     If basic authentication is correct, then a cookie is created in the fixup handler.
If the request has a cookie, then the cookie is refreshed in the fixup handler.


A basic description of the module in pseudo-perl:

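package MyModule;
use Apache::Session::xxx;
use Apache::Cookie;

# PerlAuthenHandler: accept the request on a valid cookie,
# otherwise decline so that basic authentication takes over.
sub handler {
    my $r = shift;

    if (cookie_not_present_in_request()) {
        return DECLINED;
    }
    return cookie_verify();  # use of Apache::Session as a DB storage
}

# PerlFixupHandler: create the session and cookie after a successful
# basic authentication, or refresh them when a cookie was presented.
sub cookie_create_refresh {
    my $class = shift;

    if (cookie_not_present_in_request()) {
        create_cookie_with_Apache::Session::xxx_module();
        create_cookie_with_Apache::Cookie_module();
    }
    else {
        refresh_cookie_with_Apache::Session::xxx_module();
        refresh_cookie_with_Apache::Cookie_module();
    }
    return OK;
}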

The module I am developing has to delete the cookie if it is not refreshed regularly.
The question: how can I manage this inactivity timeout?
The best solution would be to use a mechanism where callbacks (deleting the cookie from the database) would be called automatically on inactivity.
Is such an API provided by:
     . the APR API
     . mod_perl API
     . an Apache2::xxx perl module
     . a CPAN module

If not, how can I solve my problem? (I could check the DB storage regularly, but this is a last-resort solution. Even in this case, how could I implement it?)

Thanks

Gaetan
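
One way to enforce the inactivity timeout asked about above without any callback API, as an added example that is not part of the original post: keep a last-access timestamp in each session record, reject and delete stale sessions when the cookie is verified, and sweep leftovers from a periodic job. The %STORE hash stands in for the Apache::Session backend, and $TIMEOUT, session_create, session_verify and session_sweep are names assumed for this example; /dev/urandom assumes a Unix-like host.

```perl
# Added example: inactivity timeout checked at verification time, plus a sweep.
# %STORE is a constructed stand-in for the Apache::Session backend.
use strict;
use warnings;

my $TIMEOUT = 15 * 60;    # assumed inactivity limit, in seconds
my %STORE;                # session id => { user => ..., last_access => epoch }

# Fixup phase, no cookie yet: create the session record.
sub session_create {
    my ($user, $now) = @_;
    # 128-bit session id from the kernel CSPRNG (assumes a Unix-like host)
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $raw, 16) == 16 or die "short read from urandom";
    my $id = unpack 'H*', $raw;
    $STORE{$id} = { user => $user, last_access => $now };
    return $id;
}

# Authen phase: a cookie is valid only if its session exists and is fresh.
# A stale session is deleted here, so expiry needs no timer or callback.
sub session_verify {
    my ($id, $now) = @_;
    return 0 unless defined $id && exists $STORE{$id};
    my $s = $STORE{$id};
    if ($now - $s->{last_access} > $TIMEOUT) {
        delete $STORE{$id};
        return 0;
    }
    $s->{last_access} = $now;    # sliding window: refresh on activity
    return 1;
}

# Periodic job (cron or similar): remove sessions nobody came back for.
sub session_sweep {
    my ($now) = @_;
    my @stale = grep { $now - $STORE{$_}{last_access} > $TIMEOUT } keys %STORE;
    delete @STORE{@stale};
    return scalar @stale;
}

# Constructed walk-through with explicit clock values.
my $t0    = time;
my $alice = session_create('alice', $t0);
my $bob   = session_create('bob',   $t0);
print "alice at +10min: ", session_verify($alice, $t0 + 600),  "\n";
print "alice at +20min: ", session_verify($alice, $t0 + 1200), "\n";
print "bob   at +20min: ", session_verify($bob,   $t0 + 1200), "\n";
print "swept at +60min: ", session_sweep($t0 + 3600), "\n";
```

Because the freshness check runs server-side on every request, a client that keeps presenting an old cookie is still rejected; the sweep only reclaims storage for sessions that are never presented again.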
