Hello mod_perl users, I am developing a mod_perl module (MyModule) to manage sessions/authentication. This module: - uses Apache::Session to store session-related information - is cookie-based - manages session inactivity
This module could be used in the following example. <Location /protected_url> PerlAuthenHandler MyModule AuthType Basic AuthBasicProvider ... require valid-user PerlFixupHandler MyModule->cookie_create_refresh </Location> If request has no cookie, then basic authentication is required. If basic authent is correct, then a cookie is created in the fixup handler. If request has a cookie, then the cookie is refreshed in the fixup handler. A basic description of the module in pseudo-perl: package MyModule; use Apache::Session::xxx; use Apache::Cookie; sub handler{ my $r = shift; if (cookie_not_present_in_request()){ return DECLINED; } return cookie_verify(); #use of Apache::Session as a DB storage } sub cookie_create_refresh{ my $class = shift; if (cookie_not_present_in_request()){ create_cookie_with_Apache::Session::xxx_module(); create_cookie_with_Apache::Cookie_module(); } else { refresh_cookie_with_Apache::Session::xxx_module(); refresh_cookie_with_Apache::Cookie_module(); } return OK; } The module I am developing has to delete the cookie if it is not refreshed regularly. The question: how can I manage this timeout inactivity ? The best solution would be to use a mechanism where callbacks (deleting the cookie rfom the database) would be called automatically on inactivity. Does such an API is proposed by : . the APR API . mod_perl API . an Apache2::xxx perl module . a CPAN module If not, how can I solve my problem ? (I could verify regularly in the DB storage, but this is a last resort solution. Even in this case, how could I implement it ?) Thanks Gaetan