I think the way to go is PythonOption now, then consider
PythonSessionOption later - I too do not like too many options and am not
sure that session handling is a core function.
Changing it later (if we decide to) should not be a big problem - it's
pretty easy to just spit our a wrning that says "change your directive to
this".
Grisha
On Fri, 24 Jun 2005, Nick wrote:
My feelings are 2-fold:
1. I don't think session management is strictly part of mod_python as an
apache handler, but rather as a utility module that can be used in
conjunction with it. In that sense, I don't think it needs its own
directive.
2. I'd rather see more time spent on outstanding release issues :)
Nick
Jim Gallacher wrote:
Nicolas Lehuen wrote:
Is there a way to forbid PythonSessionOption from appearing in a
.htaccess file ? If not, then there is no advantage (security-wise) in
having a different configuration directive.
I know we've decided on using PythonOption session_* instead, but looking
at http://www.apachetutor.org/dev/config under the "Scope of
Configuration" it looks like it may not be that hard to restrict the use
of PythonSessionOption in a .htaccess file.
Is it worth persuing? Now is the time to do it. If we change it later it
means everyone will need to refactor their config files and any subclasses
of BaseSession.
Regards,
Jim
