Re: speed up/load balancing of session-based sites

[Differentiated Software Solutions Pvt. Ltd.]

Hi,

Pardon my ignorance, what is storable.

Murali
-Original Message-
From: Rodney Broom <[EMAIL PROTECTED]>
To: Perrin Harkins <[EMAIL PROTECTED]>; Jeremy Howard
<[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: 10 May 2000 13:13
Subject: Re: speed up/load balancing of session-based sites


>> > Murali said:
>> > > a) NFS mount a server which will store all session data
>
>Just a note, NFS in specific can be very problematic. It takes some real
>tuning to get it just right. As for distributed data; session data ~should~
>be small, under a kB. So you could move it around in almost any fassion you
>like and still be pretty efficiant.
>
>On that, you can use Storable to push around really compact/complete Perl
>data structures.
>
>Rodney

Re: speed up/load balancing of session-based sites

[Leslie Mikesell]

According to G.W. Haywood:
> Hi there,
> 
> On Tue, 9 May 2000, Leslie Mikesell wrote:
> 
> > I'm more concerned about dealing with large numbers of simultaneous
> > clients (say 20,000 who all hit at 10 AM) and I've run into problems
> > with both dbm and mysql where at a certain point of write activity
> > you basically can't keep up.  These problems may be solvable but
> > timings just below the problem threshold don't give you much warning
> > about what is going to happen when your locks begin to overlap. 
> 
> Can you use a RAMdisk?

Not for everything - the service is spread over several machines.

  Les Mikesell
   [EMAIL PROTECTED]

Mod perl training material

[Differentiated Software Solutions Pvt. Ltd.]

Hi,

We're devising some training material for new people in our firm.
Can any body suggest a site which gives some decent exercises in CGI/Perl
and mod+AF8-perl. Something like a project which can be completed in 2 weeks, at
the end of which they'll have a hang of all basics. I would also like them
to use DBI in this period.

Thanks

Murali

Differentiated Software Solutions Pvt. Ltd.,
176, Gr. Floor, 6th Main
2nd Block RT Nagar
Bangalore - 560 032
India
Ph: 91 80 3431470
email : diffs+AEA-vsnl.com
http://www.diffs-india.com

Re: Running file based sessions via NFS

[siberian]

Yes Jeffrey, you have railed against the netapp multiple times now.
Send me some flawless hardware, I'd appreciate it :) 

The problems you describe effect all session management schemes that must 
span multiple systems ( database is down, can't read sessions, requests
stack up etc ) and are not really particular to the NFS issue from my
perspective.  It would be much easier to write app logic to recover from a
different scheme but the problem is mostly the same with different
recovery times.

John-

On Tue, 9 May 2000, Jeffrey W. Baker wrote:

> On Tue, 9 May 2000, John Armstrong wrote:
> 
> > Lots of folks are saying the running File based sessions over NFS is 
> > problematic. We are doing it without any noticeable issues so far but 
> > I am _very_ curious as to what we need to watch out for. I'd like to 
> > meet the evil before I have to do battle with it if you get my drift.
> > 
> > If anyone has any insight with some fairly specific examples that 
> > would be awesome. We're running our sessions off of a Network 
> > Appliance Filer and so far performance is fantastic as is data 
> > integrity..
> 
> Hahahahaha sigh.
> 
> Seriously though, you can search this lists' archive for NetApp to get my
> read on that particular piece of hardware.  The bottom line is that it is
> a very nice machine, but not the flawless miracle that their literature
> says it is.
> 
> The problem with NFS is that it takes so long to detect problems.  If your
> platform's NFS timeout is, say, 60 seconds, how many requests are going to
> stack up while you wait for that timeout to elapse?  Once you know there
> is a problem, does your code deal with it properly?  What are you going to
> do with all those requests that stacked up?  How do you tell your
> application that NFS is available again?
> 
> We now return you to "All sessions, all the time."
> 
> -jwb
> 
> 

Re: Running file based sessions via NFS

[Jeffrey W. Baker]

On Tue, 9 May 2000, John Armstrong wrote:

> Lots of folks are saying the running File based sessions over NFS is 
> problematic. We are doing it without any noticeable issues so far but 
> I am _very_ curious as to what we need to watch out for. I'd like to 
> meet the evil before I have to do battle with it if you get my drift.
> 
> If anyone has any insight with some fairly specific examples that 
> would be awesome. We're running our sessions off of a Network 
> Appliance Filer and so far performance is fantastic as is data 
> integrity..

Hahahahaha sigh.

Seriously though, you can search this lists' archive for NetApp to get my
read on that particular piece of hardware.  The bottom line is that it is
a very nice machine, but not the flawless miracle that their literature
says it is.

The problem with NFS is that it takes so long to detect problems.  If your
platform's NFS timeout is, say, 60 seconds, how many requests are going to
stack up while you wait for that timeout to elapse?  Once you know there
is a problem, does your code deal with it properly?  What are you going to
do with all those requests that stacked up?  How do you tell your
application that NFS is available again?

We now return you to "All sessions, all the time."

-jwb

Re: growing processes

[Jeff Beard]

At 11:04 AM 5/9/00, Wim Kerkhoff wrote:

>Snip [...]


Hmmm. Well, some things to look at:

globals aren't too good (i.e. use vars qw(...) ). Best to "localize" with my();

What's the SQL statement look like?

$sth->fetchrow returns an array but I don't know off the top of my head if 
it automagically becomes an array ref if assigned to a scalar.

Are you checking your return values?

Are getting any funny looking result sets? i.e., data from the last query? 
That's usually the big red light indicating a big leak. There's docs on 
that in the guide.

I hope you are also doing some error checking that you left out for the 
example, i.e. :

 $dbh->connect() or die "There was an error:",
 $DBI::errstr, "\n";

You might also undef whatever variable is holding the result set when you 
are done working it.

Just remember that you can use Apache::DBI to fire up a connection to the 
dB when Apache starts. Any time you make a DBI->connect() call, Apache::DBI 
will intercede and use it's cached handle.

Beyond these points what's here seems reasonable.

HTH.

--Jeff



>#!/usr/bin/perl -w
>
># some sample code
>use strict;
>use MyStuff;
>use vars qw ($dbh $foo $bar $sql $sth $rc);
>
>$dbh = dbConnect;
>
>sub something {
> $foo = "somevvar";
> $sth = $dbh->prepare("some sql code");
> $sth->execute();
> $bar = $sth->fetchrow();
> $sth->finish;
>}
>
>--
>
>package MyStuff;
>
>use strict;
>use DBI;
>
># export dbConnect, etc
>
>sub dbConnect {
> my $dbh = DBI->connect(args,to,dbi);
> return $dbh;
>}
>1;
># end of MyStuff;
>---





Jeff Beard
_
Web:www.cyberxape.com
Email:  jeff at cyberxape.com
Location:   Boulder, CO, USA

RE: growing processes

[Gerald Richter]

>
> Is doing the things below terribly bad?  We're actually doing 90% of the
> stuff in embperl, but we ran into problems in scoping when using
> my (), so we
> switched to use vars.
>
> #!/usr/bin/perl -w
>
> # some sample code
> use strict;
> use MyStuff;
> use vars qw ($dbh $foo $bar $sql $sth $rc);
>
> $dbh = dbConnect;
>

You have to make sure that all these vars get undef'ed at the end of your
request, otherwise the content will take up memory until they are assigned a
new value. Inside a Embperl page, Embperl will do this for you, but in your
own modules your are responsible for doing this on your own.

You may install Apache::Status in your system, to browser thru your symbol
table, to see which vars are defined with which content.


Gerald


-
Gerald Richterecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:   Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: [EMAIL PROTECTED] Voice:+49 6133 925151
WWW:http://www.ecos.de  Fax:  +49 6133 925152
-

Re: growing processes

[Ken Williams]

I don't think you want to "use vars" for your regular variables.  Too
dangerous, and you set yourself up for memory leaks.  Declare them as
lexicals. Only use a global for something you want to cache ($dbh). 
Something like:


  #!/usr/bin/perl -w

  # some sample code
  use strict;
  use MyStuff;


  sub something {
 my $dbh = dbConnect;
 my $foo = "somevvar";
 my $sth = $dbh->prepare("some sql code");
 $sth->execute();
 my $bar = $sth->fetchrow();
 $sth->finish;
  }

  --
  package MyStuff;

  use strict;
  use DBI;
  use vars qw($dbh);

  # export dbConnect, etc

  sub dbConnect {
 $dbh ||= DBI->connect(args,to,dbi);
 return $dbh;
  }
  1;
  # end of MyStuff;
  ---


[EMAIL PROTECTED] (Wim Kerkhoff) wrote:
># some sample code
>use strict;
>use MyStuff;
>use vars qw ($dbh $foo $bar $sql $sth $rc);
>
>$dbh = dbConnect;
>
>sub something {
>$foo = "somevvar";
>$sth = $dbh->prepare("some sql code");
>$sth->execute();
>$bar = $sth->fetchrow();
>$sth->finish;
>}
>
>--
>
>package MyStuff;
>
>use strict;
>use DBI;
>
># export dbConnect, etc
>
>sub dbConnect {
>my $dbh = DBI->connect(args,to,dbi);
>return $dbh;
>}
>1;
># end of MyStuff;
>---

Re: 100% sessions?

[Tom Mornini]

On Tue, 9 May 2000, Drew Taylor wrote:

> > This works on my site, because the urlspace is completely
> > ficticious.  There is no disk path /home/abcdef0987654321, in fact there
> > is no /home, nor even a document root at all.  I just threw in the /home
> > to make the URL look a little more friendly.

> Does the site revert to cookie based sessions if the sessionID is
> chopped off?  What is the purpose of chopping off the sessionID?
> Prettier bookmarks?

Why would it? It just starts a new session and prime the pump again...

-- 
-- Tom Mornini
-- InfoMania Printing and Prepress

Re: 100% sessions?

[Tom Mornini]

On Tue, 9 May 2000, Tobias Hoellrich wrote:

> and what happens when somebody bookmarks a URL with the session-id
> prepended and comes back a week later with an invalid session-id in the URL?

They get a screen that asks them to fix their bookmark, and shows them
how. This is the only disadvantage of this method that we know of, but we
feel that it is far outweighed by having session support on 100% of our
connections.

-- 
-- Tom Mornini
-- InfoMania Printing and Prepress

Running file based sessions via NFS

[John Armstrong]

Lots of folks are saying the running File based sessions over NFS is 
problematic. We are doing it without any noticeable issues so far but 
I am _very_ curious as to what we need to watch out for. I'd like to 
meet the evil before I have to do battle with it if you get my drift.

If anyone has any insight with some fairly specific examples that 
would be awesome. We're running our sessions off of a Network 
Appliance Filer and so far performance is fantastic as is data 
integrity..

John-

Re: speed up/load balancing of session-based sites

[Rodney Broom]

> > Murali said:
> > > a) NFS mount a server which will store all session data

Just a note, NFS in specific can be very problematic. It takes some real
tuning to get it just right. As for distributed data; session data ~should~
be small, under a kB. So you could move it around in almost any fassion you
like and still be pretty efficiant.

On that, you can use Storable to push around really compact/complete Perl
data structures.

Rodney

Re: 100% sessions?

[Gunther Birznieks]

You should be able to wrap the session creation inside an eval so that if 
the session has expired, your code doesn't break, it silently creates a new 
session behind the scenes.

That's if you have this requirement.

Later,
Gunther

At 04:50 PM 5/9/00 -0500, Jay Jacobs wrote:

>On Tue, 9 May 2000, Jeffrey W. Baker wrote:
> > Why is the session ID invalid just because they left for a week?  Ask them
> > to authenticate again and take them right back to whatever they were
> > doing.
> >
> > On some sites bookmarking the URL with the session ID embedded is the
> > optimal behavior.
> >
> > -jwb
>
>Session-jumping is a key concern in my application, once a user logs,
>they're going to be looking at sensitive information that pertains
>directly to that user.  Sessions need to be timed and expire in a short
>amount of time (30 mins or so) of inactivity.
>
>If a registered user comes back after that time (from a bookmark or
>refresh), I'm going to redirect them to the login page, and then putting
>them to the originally requested document after they authenticate, just
>like you said.
>
>I just can't see tying in the ip address, or any other mechanism as being
>100% effective for session management...
>
>Jay

without Apache::Registry, redefined subs still?

[w trillich]

redefined subs with perlrun?

pertinent parts, from httpd.conf:
#for running perl scripts
PerlModule Apache::PerlRun

#for running perl internally from within apache
#PerlModule Apache::Registry

ErrorDocument 401 /cgi-bin/noAccess.pl

ScriptAlias /cgi-bin /usr/lib/cgi-bin/

order allow,deny
allow from all
Options -Indexes +ExecCGI


# allow arbitrary *.perl files to be scattered throughout the site.

Options +ExecCGI
SetHandler perl-script
PerlSendHeader On
PerlHandler Apache::PerlRun


from /var/log/apache/errors.log:
Subroutine b redefined at /usr/lib/cgi-bin/noAccess.pl line 20.

i thought that only happened with Apache::Registry...?

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Their is five errers in this sentance.

Re: 100% sessions?

[Tobias Hoellrich]

At 01:40 AM 5/10/00 +0200, harm wrote:
> ...
>It doesn`t clear the referer header!
>Any suggestions for better redirection strategies? Generate a html file
>whith  qualifies as ugly ;-)
>
>

Then I guess our solution qualifies as ugly - you can spit out as many
302's as you want, it won't increase the internal history of browsers. Only
when the browser starts working on a page it will clear the Referer
information.

Tobias

Re: speed up/load balancing of session-based sites

[Perrin Harkins]

On Tue, 9 May 2000, Jeremy Howard wrote:
> Murali said:
> > As I understand from this discussion we have 2 methods involving creating a
> > session-server which will store all session data.
> > a) NFS mount a server which will store all session data
> > b) Have a DB in this server which stores this data. Through a network
> > connect to the DB and retrieve the info.
> 
> I don't think you have to take either approach to store all session
> specific data. When a session is started, simply use a redirect a go
> to a URL that includes the IP address of the machine that will serve
> this session. From then on, the session will always go to the same
> machine, and therefore the session data doesn't have to be centralised
> or distributed.

Unfortunately, that's not a high-availability solution.  If the machine
you sent that user to crashes, the user's session will be lost.  Most
people who have enough traffic to need a cluster of machines also care
about sessions surviving individual machine problems.

- Perrin

Re: 100% sessions?

[harm]

On Tue, May 09, 2000 at 04:15:29PM -0700, Tobias Hoellrich wrote:
> Rule #1: Never ever link directly to a remote site, but do it through a
> redirector which makes sure that nothing that doesn't have to be sent to
> the remote site gets sent to it. We use a handler that "listens" on
> /redirect turns urls like:
> 
>   /redirect/http://www.disney.com 
> 
> to the obvious correct redirection directive without attaching anything
> session related. The referer on the remote site sees
> 'http://some.host.com/redirect/http://www.disney.com'

Sounds like a nice solution. 
Let`s test it. I used a handler like:
sub handler {
my $r = shift;
$r->header_out(Location=> "http://nieuw.nl/harm/p.jpg");
return REDIRECT;
}
and a html file with a link to it. Netscape(linux) and links behave as they
should. IE4 though:
212.204.140.183 - - [10/May/2000:01:33:23 +0200] "GET /mytest HTTP/1.1" 302 270 
"http://nieuw.nl/harm/my.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
212.204.140.183 - - [10/May/2000:01:33:23 +0200] "GET /harm/p.jpg HTTP/1.1" 200 5865 
"http://nieuw.nl/harm/my.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

It doesn`t clear the referer header!
Any suggestions for better redirection strategies? Generate a html file
whith  qualifies as ugly ;-)


Harm


-- 
 Today is Setting Orange, the 57th of Discord, 3166.
   The Moon is Waxing Crescent (41% of Full)
  nieuw.nl - 2dehands.nl

Re: [OT] Great book!

[Jeremy Howard]

> another great one ive yet to purchase is object oriented perl
> there is some sample chapters 
> online somewhere
> 
See .

It really is a tremendous book. I thought I knew OO Perl pretty well, but after 
reading Conway's book I realised I'd hardly begun!... Some of the useful techniques 
described:
*  Using closures to create static class data
*  Encapsulation with Pseudo-hashes and 'use fields'
*  Secure encapsulation with SecureHash and the flyweight pattern
*  Auto generating classes with Method::Maker
*  Implementing persistance
*  Inheriting class data
*  Blessing regexps, subs, and globs

I could keep going, but there's a taste... There's a good forum at the attached 
web-site that Conway visits regularly.

--
  Jeremy Howard
  [EMAIL PROTECTED]

Re: Cookies and redirection

[Autarch]

On Tue, 9 May 2000, Alex Menendez wrote:

> not completely sure about real mod_perl. However, the following works
> great using Apache::Registry and CGI:
> 
> print $query->header(-cookie=>[$id_cookie,$crypt_cookie],
>  
>-Location=>$query->param("redirect").'?name='.@$ref[1].'&last_login='.@$ref[3].'&site_id='.$query->
> param('site_id'));
> 
> I think Apache::Request will work just in same manner.

First, why the @$ref[1]?  YOu're doing a slice when you really want
$ref->[1].  Anway, Apache::Request does not have any output methods like
CGI so this won't work.

Try checking out Apache::Cookie for the cookie part.  For the redirect you
can do:

$r->header_out( Location => $location );

and then make sure that you send a REDIRECT status to the browser. (Return
REDIRECT from your module).

-dave

/*==
www.urth.org
We await the New Sun
==*/

Re: 100% sessions?

[Tobias Hoellrich]

Rule #1: Never ever link directly to a remote site, but do it through a
redirector which makes sure that nothing that doesn't have to be sent to
the remote site gets sent to it. We use a handler that "listens" on
/redirect turns urls like:

/redirect/http://www.disney.com 

to the obvious correct redirection directive without attaching anything
session related. The referer on the remote site sees
'http://some.host.com/redirect/http://www.disney.com'

Tobias

At 12:55 AM 5/10/00 +0200, harm wrote:
>> I like to use session ids at the beginning of the URL for another
>> reason: the users understand it.  For example, if they visit a URL:
>> 
>> https://secretstartup.com/home/abcdef0987654321/foo/bar/baz/quux
>
>Ok, that`s convenient, but what if the user follows a link to a different
>site? Those having access to the logfile of the new site will be able to 
>snoop the
>sessionid`s if they are fast enough (or have a script monitoring the
>logfiles) via the referer header. 
>

Re: 100% sessions?

[Jeffrey W. Baker]

On Wed, 10 May 2000, harm wrote:

> On Tue, May 09, 2000 at 03:36:38PM -0700, Jeffrey W. Baker wrote:
> > > 
> > > The cool thing about this is that relative links need not be rewritten at 
> > > all, the browser handles it!
> 
> 
> 
> > 
> > I like to use session ids at the beginning of the URL for another
> > reason: the users understand it.  For example, if they visit a URL:
> > 
> > https://secretstartup.com/home/abcdef0987654321/foo/bar/baz/quux
> 
> Ok, that`s convenient, but what if the user follows a link to a different
> site? Those having access to the logfile of the new site will be able to snoop the
> sessionid`s if they are fast enough (or have a script monitoring the
> logfiles) via the referer header. 

That's a known problem regardless of whether the ID is at the beginning,
the end, or in the query string.  When linking to non-trusted sites, you
must always use an intermediate page to scrub the referer.  People leaving
my current project appear to have come from /leave.

IMHO the browsers should not send Referer when using SSL and jumping from
one host to another.

-jwb

Re: 100% sessions?

[harm]

On Tue, May 09, 2000 at 03:36:38PM -0700, Jeffrey W. Baker wrote:
> > 
> > The cool thing about this is that relative links need not be rewritten at 
> > all, the browser handles it!



> 
> I like to use session ids at the beginning of the URL for another
> reason: the users understand it.  For example, if they visit a URL:
> 
> https://secretstartup.com/home/abcdef0987654321/foo/bar/baz/quux

Ok, that`s convenient, but what if the user follows a link to a different
site? Those having access to the logfile of the new site will be able to snoop the
sessionid`s if they are fast enough (or have a script monitoring the
logfiles) via the referer header. 


Harm

-- 
 Today is Setting Orange, the 57th of Discord, 3166.
   The Moon is Waxing Crescent (41% of Full)
  nieuw.nl - 2dehands.nl

Re: 100% sessions?

[Drew Taylor]

"Jeffrey W. Baker" wrote:
> 
> On Tue, 9 May 2000, Tom Mornini wrote:
> 
> > The cool thing about this is that relative links need not be rewritten at
> > all, the browser handles it!
> 
> This last part is a great point, and one that people would do well to
> heed.  I hadn't considered the implication that relative URLs would work
> this way, but they do.  I'm excited!
> 
> I like to use session ids at the beginning of the URL for another
> reason: the users understand it.  For example, if they visit a URL:
> 
> https://secretstartup.com/home/abcdef0987654321/foo/bar/baz/quux
> 
> A lot of users are advanced enough to chop off part of the URL to get what
> they want.  With the session ID at the root of the URL, this is easier to
> do.  With this URL,
> 
> https://secretstartup.com/foo/bar/baz/quux/abcdef0987654321
> 
> The users are likely to either not try, or to get it wrong.
> 
> This works on my site, because the urlspace is completely
> ficticious.  There is no disk path /home/abcdef0987654321, in fact there
> is no /home, nor even a document root at all.  I just threw in the /home
> to make the URL look a little more friendly.
Does the site revert to cookie based sessions if the sessionID is
chopped off?  What is the purpose of chopping off the sessionID?
Prettier bookmarks?

At my site, I just made the executive decision (w/ the backing on my
project manager of course :-) that cookies would need to be turned on.
The cookie just contains a customerID, registered status and a MD5 hash
to make sure they don't screw around with the cookie contents. It has an
expire time of 1 year, so that a user only has to log in once. I have to
do this in my case because they get non-watermarked images if they have
registered. :-) If they don't accept the cookie, then they only get
watermarked images.

This customerID is an index into my database, from which everything else
is pulled. But, I actually have written code so that I can use PATH_INFO
also. I had to do this because I have many sites (ie. domains) that all
use a single _secure_ domain for ordering. So I cobbled together some
code to A) enable me to pull the correct site's template and B) make
sure they still can't fake being another user.

To get back on topic, it would be extrmely useful for me to have a
seamless model I could use everywhere. I have no problem with cookies. I
personally have cookies turned on, but refuse cookies not coming from
the site I'm visiting (think DoubleClick, etc...). But it would also be
a major plus to seemlessly be able to detect if a user is not accepting
cookies and start using URL tracking. Servlets have really got it made
in this respect.

I would be very interested to get an idea of how many ordinary users
surf with cookies turned off. I just decided to force people to have
them. Call me evil, but I got it past the boss. :-) Does anyone have
reliable information about this topic?

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/

Re: Cookies and redirection

[Rodney Broom]

- Original Message -
From: "Robin Berjon" <[EMAIL PROTECTED]>


> >On Tue, 9 May 2000, Robin Berjon wrote:
> >> Isn't there a work-around consisting of making 100% sure the cookie is
sent
> >> before the Location header ?

Sure:
Set cookie;
if Reread_cookie
   do somthing good
else
   do something else

Rodney

Re: [Mason]Determining TARGET frame

[Robin Berjon]

>I'm working on my own site with mod_perl and mason.
>
>I want cookie exchange ONLY with one particular frame.
>
>I *could* simply just maintain a list of pages that might
>validly be in the paricular frame, but I'd prefer something
>like...

Would putting all those pages in one directory (or subdirectories thereof)
and setting a path on the cookie work for you ?



.Robin
Does the name Pavlov ring a bell?

Re: Cookies and redirection

[Robin Berjon]

At 08:53 09/05/2000 -0700, Perrin Harkins wrote:
>On Tue, 9 May 2000, Robin Berjon wrote:
>> Isn't there a work-around consisting of making 100% sure the cookie is sent
>> before the Location header ?
>
>Not with MSIE.  At least it didn't work for me.

Works here for me with msie 4 and 5.1 on win98.



.Robin
Does the name Pavlov ring a bell?

Re: 100% sessions?

[Rodney Broom]

- Original Message -
From: "Jay Jacobs" <[EMAIL PROTECTED]>
> I've been perusing the archives on the topic of cookie vs. url vs. user
> session tracking, and I can't find a solution that is 100% effective.

I've been thinking for a while now on a "complete" state maintainance
system. Although it would be allot of writing, I think that a system could
be build that magically incorporates one or more of:
- magic numbers (or session IDs)
- cookies
- IP tracking
- special form vars

>From there, you'd have a fuction available like $hash_ref =
get_user_state(). The get_user_state() function would sift through any/all
of the data that it could glean from the remote side and make its best guess
about what information is available. After that, it would be up to the
programmer to decide what she wanted to do about this data.

I suppose that the parsed data from get_user_state() should get saved in
some usefull location and there would need to be access/administration
functions sitting on top of that data.

Rodney

Re: Bitten by -D_FILE_OFFSET_BITS=64

[Alan Burlison]

Ari Jolma wrote:

> (This may be a general Perl question but since I have this problem
> only with mod_perl I'm asking it here.) Perl's (5.6.0) Configure script
> puts -D_FILE_OFFSET_BITS=64 into Config.pm's variable ccflags in
> my machine (redhat 6.1 with linux 2.2.12). This causes for some
> reason mod_perl.c to have stat structure with size 96 while it
> has the size 88 in apache (and it is 88 usually). The result is
> very poor behavior in make test. When I manually remove that
> compiler directive everything works fine. My mod_perl is 1.23
> and apache is 1.3.12. I believe I've had this problem for long since
> over the years :-) I've had this same problem occasionally but only
> now investigated it thoroughly using gdb. Can anybody give an
> explanation what is going on here?

I was bitten my a similar problem on Solaris.  Basically I built perl
with the default configure settings on Solaris 8, which result in Perl
being made largefile aware, which is A Good Thing.  However, when I
built Apache it was built without being largefile aware, which is A Very
Bad Thing - at least if you want to use mod_perl, that is.  This is
because Perl and Apache don't agree on the size of off_t and other such
things that change between the 32 and 64 bit file offset worlds.  I
fixed this by the simple expedient of making Apache largefile aware.  On
Solaris this was easy - I just set CFLAGS="-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64" in my environment before calling the Apache
configure.  Apache built with no errors, and as far as I can tell up
until now it works just fine, including mod_perl.  Obviously you are on
a different platform, but perhaps building Apache with the Linux
incantation needed to make it largefile aware will solve the problem for
you?

Alan Burlison

Re: 100% sessions?

[Jeffrey W. Baker]

On Tue, 9 May 2000, Tom Mornini wrote:

> That is the tricky part. :-)
> 
> Here's the sneaky way to handle it: Put the Session ID at the beginning of
> the URI. If a request comes in with a Session ID, then strip it out of
> $r->urii. If a request comes in without one, redirect them to the same URI
> with a session ID in place.
> 
> In our case, this is handled by a trans handler that stores state in
> $r->pnotes, and a fixup handler that reads $r->pnotes and
> $r->set_handlers() in the redirect handler into the response phase.
> 
> The cool thing about this is that relative links need not be rewritten at 
> all, the browser handles it!


This last part is a great point, and one that people would do well to
heed.  I hadn't considered the implication that relative URLs would work
this way, but they do.  I'm excited!

I like to use session ids at the beginning of the URL for another
reason: the users understand it.  For example, if they visit a URL:

https://secretstartup.com/home/abcdef0987654321/foo/bar/baz/quux

A lot of users are advanced enough to chop off part of the URL to get what
they want.  With the session ID at the root of the URL, this is easier to
do.  With this URL,

https://secretstartup.com/foo/bar/baz/quux/abcdef0987654321

The users are likely to either not try, or to get it wrong.

This works on my site, because the urlspace is completely
ficticious.  There is no disk path /home/abcdef0987654321, in fact there
is no /home, nor even a document root at all.  I just threw in the /home
to make the URL look a little more friendly.

Cheers,
Jeffrey

Re: speed up/load balancing of session-based sites

[Jeremy Howard]

Murali said:
> As I understand from this discussion we have 2 methods involving creating a
> session-server which will store all session data.
> a) NFS mount a server which will store all session data
> b) Have a DB in this server which stores this data. Through a network
> connect to the DB and retrieve the info.

I don't think you have to take either approach to store all session specific data. 
When a session is started, simply use a redirect a go to a URL that includes the IP 
address of the machine that will serve this session. From then on, the session will 
always go to the same machine, and therefore the session data doesn't have to be 
centralised or distributed.

The downside of this is that bookmarked pages will not contain your normal internet 
address, but instead the address of the specific server that is serving the current 
session. Although a little unattractive, it doesn't really matter. Just make sure that 
when this bookmark is used, you deal with it properly. That is, notice that this 
session id is no longer active on this machine, and create a new session just like the 
'front-end' server would. The 2nd downside is that the first connection in a new 
session may have one additional redirect. The front-end server needs access to a 
central data store to do authentication (since it needs to know about _all_ users), 
but that only generally needs a username/password/userid, so it's unlikely to cause 
very much network traffic.

--
  Jeremy Howard
  [EMAIL PROTECTED]

[OT] Re: 100% sessions?

[Eric Strovink]

Stas, this thread is very interesting.  Guide material?

Re: 100% sessions?

[Tom Lancaster]

Yes,

we use our own url-rewriting implementation of Apache::Session::DBI - 
we just use method calls instead of hrefs
($ui->a_href('page.html','querystring','other stuff') ) which whop a
key= into the query string. 
In addition, to time out sessions we added a timestamp field to the
sessions database, and run a cron job or daemon to wipe out all the ones
over a certain age.



Jay Jacobs wrote:
> 
> I've been perusing the archives on the topic of cookie vs. url vs. user
> session tracking, and I can't find a solution that is 100% effective.
> 
> Here's the scenario... using Apache::Session::DBI on a public site, where
> registered users can log in to get detailed information and "place orders"
> online.  Non-registered users will get basic information and ideally
> should be able to "place orders" that will have no real effect on the site
> (i.e. shopping cart with no purchasing)
> 
> Here's some major concerns I groked from the archives:
> cookies: disabled from proxies, or disabled for "security"
> user-based: wouldn't solve non-registered user issue, nor site-wide
> url: requires site-wide url-rewriting, insecure from HTTP_REFERER
> standpoint
> 
> My thought is to try to verify it from ip but that breaks when proxies
> come from more than one ip (AOL), or when nat is in place covering
> multiple client systems.  Also adding a lame security attempt, and put a
> timed expiration on the server-side session after an hour or so.
> 
> I'm thinking of just relying on cookies, while not 100%, it's gotta be
> close to 80 or 90% which may be good for this project.  But I figured
> others had faced this same issue and had an ample solution...
> 
> Jay Jacobs
> LachNet Inc.

Re: 100% sessions?

[Tobias Hoellrich]

Jeffrey,

At 02:32 PM 5/9/00 -0700, Jeffrey W. Baker wrote:
>Why is the session ID invalid just because they left for a week?  Ask them
>to authenticate again and take them right back to whatever they were
>doing.
>
>On some sites bookmarking the URL with the session ID embedded is the
>optimal behavior.
>
>-jwb
>

perhaps we just have a different understanding of sessions. What you refer
to sounds more like the 'profiles' we associate with authenticated users.
Sessions are short-lived blobs of data which keep information about what a
user does at this very moment on our site. If he doesn't touch the session
data for while (means hit one of the servers which update modtime in the
session blob) then he will need to reauthenticate with the service and
establish a new session. 

Tobias

Re: 100% sessions?

[Jay Jacobs]

On Tue, 9 May 2000, Jeffrey W. Baker wrote:
> Why is the session ID invalid just because they left for a week?  Ask them
> to authenticate again and take them right back to whatever they were
> doing.
> 
> On some sites bookmarking the URL with the session ID embedded is the
> optimal behavior.
> 
> -jwb

Session-jumping is a key concern in my application, once a user logs,
they're going to be looking at sensitive information that pertains
directly to that user.  Sessions need to be timed and expire in a short
amount of time (30 mins or so) of inactivity.

If a registered user comes back after that time (from a bookmark or
refresh), I'm going to redirect them to the login page, and then putting
them to the originally requested document after they authenticate, just
like you said.

I just can't see tying in the ip address, or any other mechanism as being
100% effective for session management... 

Jay

Re: 100% sessions?

[Jeffrey W. Baker]

On Tue, 9 May 2000, Tobias Hoellrich wrote:

> Tom,
> 
> At 02:02 PM 5/9/00 -0700, Tom Mornini wrote:
> >That is the tricky part. :-)
> >
> >Here's the sneaky way to handle it: Put the Session ID at the beginning of
> >the URI. If a request comes in with a Session ID, then strip it out of
> >$r->urii. If a request comes in without one, redirect them to the same URI
> >with a session ID in place.
> >
> >In our case, this is handled by a trans handler that stores state in
> >$r->pnotes, and a fixup handler that reads $r->pnotes and
> >$r->set_handlers() in the redirect handler into the response phase.
> >
> >The cool thing about this is that relative links need not be rewritten at 
> >all, the browser handles it!
> >
> 
> and what happens when somebody bookmarks a URL with the session-id
> prepended and comes back a week later with an invalid session-id in the URL?

Why is the session ID invalid just because they left for a week?  Ask them
to authenticate again and take them right back to whatever they were
doing.

On some sites bookmarking the URL with the session ID embedded is the
optimal behavior.

-jwb

Re: 100% sessions?

[Tobias Hoellrich]

Tom,

At 02:02 PM 5/9/00 -0700, Tom Mornini wrote:
>That is the tricky part. :-)
>
>Here's the sneaky way to handle it: Put the Session ID at the beginning of
>the URI. If a request comes in with a Session ID, then strip it out of
>$r->urii. If a request comes in without one, redirect them to the same URI
>with a session ID in place.
>
>In our case, this is handled by a trans handler that stores state in
>$r->pnotes, and a fixup handler that reads $r->pnotes and
>$r->set_handlers() in the redirect handler into the response phase.
>
>The cool thing about this is that relative links need not be rewritten at 
>all, the browser handles it!
>

and what happens when somebody bookmarks a URL with the session-id
prepended and comes back a week later with an invalid session-id in the URL?

Tobias

Re: 100% sessions?

[Tom Mornini]

On Tue, 9 May 2000, Drew Taylor wrote:

> > > I'm thinking of just relying on cookies, while not 100%, it's gotta be
> > > close to 80 or 90% which may be good for this project.  But I figured
> > > others had faced this same issue and had an ample solution...
> > 
> > We use in-URL session IDs for everyone, and give the users with cookies a
> > more robust inter-session experience.
> > 
> > This way the site works for everyone, but works better for people with
> > cookies.
> Exactly what does the URL rewriting in your case? A custom module or
> some version of mod_rewrite? It appears that the community needs a
> comprehensive solution, that combines the effectiveness of
> Apache::Session with the configurability to use cookies or URL tracking.
> Is there such a beast? Would it be hard to cobble it together with
> existing modules?

That is the tricky part. :-)

Here's the sneaky way to handle it: Put the Session ID at the beginning of
the URI. If a request comes in with a Session ID, then strip it out of
$r->urii. If a request comes in without one, redirect them to the same URI
with a session ID in place.

In our case, this is handled by a trans handler that stores state in
$r->pnotes, and a fixup handler that reads $r->pnotes and
$r->set_handlers() in the redirect handler into the response phase.

The cool thing about this is that relative links need not be rewritten at 
all, the browser handles it!

-- 
-- Tom Mornini
-- InfoMania Printing and Prepress

Re: 100% sessions?

[Tobias Hoellrich]

A mod_rewrite recipe wouldn't help you a lot, because you actually need to
parse the HTML, find all HREFs (and FORM actions) which point to your local
site and add the session information to these. 
If you have a module which does process all the output from your handlers
then this would be a good place to add it. PHP and Apache::ASP do it this way. 

Tobias

At 05:07 PM 5/9/00 -0400, Drew Taylor wrote:
>Exactly what does the URL rewriting in your case? A custom module or
>some version of mod_rewrite? It appears that the community needs a
>comprehensive solution, that combines the effectiveness of
>Apache::Session with the configurability to use cookies or URL tracking.
>Is there such a beast? Would it be hard to cobble it together with
>existing modules?
>
>-- 
>Drew Taylor
>Vialogix Communications, Inc.
>501 N. College Street
>Charlotte, NC 28202
>704 370 0550
>http://www.vialogix.com/

Re: 100% sessions?

[Drew Taylor]

Tom Mornini wrote:
> 
> On Tue, 9 May 2000, Jay Jacobs wrote:
> 
> > I'm thinking of just relying on cookies, while not 100%, it's gotta be
> > close to 80 or 90% which may be good for this project.  But I figured
> > others had faced this same issue and had an ample solution...
> 
> We use in-URL session IDs for everyone, and give the users with cookies a
> more robust inter-session experience.
> 
> This way the site works for everyone, but works better for people with
> cookies.
Exactly what does the URL rewriting in your case? A custom module or
some version of mod_rewrite? It appears that the community needs a
comprehensive solution, that combines the effectiveness of
Apache::Session with the configurability to use cookies or URL tracking.
Is there such a beast? Would it be hard to cobble it together with
existing modules?

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/

Re: 100% sessions?

[Tom Mornini]

On Tue, 9 May 2000, Jay Jacobs wrote:

> I'm thinking of just relying on cookies, while not 100%, it's gotta be
> close to 80 or 90% which may be good for this project.  But I figured
> others had faced this same issue and had an ample solution...

We use in-URL session IDs for everyone, and give the users with cookies a
more robust inter-session experience.

This way the site works for everyone, but works better for people with
cookies.

-- 
-- Tom Mornini
-- InfoMania Printing and Prepress

Re: growing processes

[Perrin Harkins]

On Tue, 9 May 2000, Wim Kerkhoff wrote:
> On 09-May-2000 Perrin Harkins wrote:
> > On Mon, 8 May 2000, Wim Kerkhoff wrote:
> >> On a fresh restart of apache, my processes are about 20 ~ 25 MB each,
> >> which is about normal for mod_perl (as far as I know).  However,
> >> within a few hours (with little use except by our development team),
> >> the size is up to 40MB, and by the end of the day up to 60, 70, even
> >> 90MB each.
> > 
> > You're probably doing something that is causing certain variables to have
> > temporarily large values.  As always, start with the guide:
> > 
> > http://perl.apache.org/guide/performance.html#Memory_leakage
> > 
> > You should also make sure you're doing the usual pre-loading and other
> > suggestions from this section of the guide.  You may find the section in
> > the camel book on optimizing for size useful as well.
> > 
> > - Perrin
> 
> Ok, I'm going to go check that out right away.
> 
> Could this have anything to do with it?
> 
> [Tue May  9 09:39:50 2000] [error] DBI->connect failed: ORA-00604: error occurre
> d at recursive SQL level 1
> ORA-00018: maximum number of sessions exceeded (DBD ERROR: OCISessionBegin) at /
> var/rubberoven.com/lib/nmSql.pm line 61
> 
> We're using SqlNet to connect multiple Linux web servers to Oracle running on a
> Solaris box.

Nope, that's a different problem.
- Perrin

Re: speed up/load balancing of session-based sites

[Tom Mornini]

On Tue, 9 May 2000, Leslie Mikesell wrote:

> > We use a custom written session handler that uses Storable for
> > serialization. We're storing complete results for complex select
> > statements on pages that require "paging" so that the complex select only
> > happens once. We store user objects complete, and many multi-level complex
> > data structures at whim.
> 
> What kind of traffic can you support with this?

Great than 1 million page views per day, and growing fast. Response is
instantaneous, and the machines are lightly utilized, except during peak
time (which for us is around 4 a.m. PST) where they get moderately
utilized.

We have a classic split-architecture proxy/mod_perl/database system,
except that we also utilize load balancing to split incoming requests to 4
proxy boxes. Their requests get load balanced to 2 backend mod_perl
machines, and their requests go to a single Oracle machine.

The Oracle machine is, at most, 25% capacity. And, hardware wise, we can
scale it up considerably.

> > Limiting yourself to cookie size limitation would be a real drag.
> 
> I'm more concerned about dealing with large numbers of simultaneous
> clients (say 20,000 who all hit at 10 AM) and I've run into problems
> with both dbm and mysql where at a certain point of write activity
> you basically can't keep up.  These problems may be solvable but
> timings just below the problem threshold don't give you much warning
> about what is going to happen when your locks begin to overlap. 

That's why we use Oracle, and spend a lot of time tweaking and tuning the
disk farm. Oracle is King in high volume situations, from what I've heard,
and I must admit that I've rarely been as impressed (in 22 years of
computer history) with it's performance and stability, though I have no
experience with anything else under similar loads.

Let me ask you a question: Are you really going to be able to handle
20,000 simultaneous users within a minute (perhaps 60,000 to 80,000
apache requests if only a single page view per user)?

-- 
-- Tom Mornini
-- InfoMania Printing and Prepress

100% sessions?

[Jay Jacobs]

I've been perusing the archives on the topic of cookie vs. url vs. user
session tracking, and I can't find a solution that is 100% effective.

Here's the scenario... using Apache::Session::DBI on a public site, where
registered users can log in to get detailed information and "place orders"
online.  Non-registered users will get basic information and ideally
should be able to "place orders" that will have no real effect on the site
(i.e. shopping cart with no purchasing)

Here's some major concerns I groked from the archives:
cookies: disabled from proxies, or disabled for "security"
user-based: wouldn't solve non-registered user issue, nor site-wide
url: requires site-wide url-rewriting, insecure from HTTP_REFERER
standpoint

My thought is to try to verify it from ip but that breaks when proxies
come from more than one ip (AOL), or when nat is in place covering
multiple client systems.  Also adding a lame security attempt, and put a
timed expiration on the server-side session after an hour or so.

I'm thinking of just relying on cookies, while not 100%, it's gotta be
close to 80 or 90% which may be good for this project.  But I figured
others had faced this same issue and had an ample solution...

Jay Jacobs
LachNet Inc.

Re: package globals?

[Bill McCabe]

Thanks, you're right. In single user mode it hit it just the once.

Bill


At 12:56 PM -0700 5/9/00, ___cliff rayman___ wrote:
>are you hitting the same child process over and over again?
>try starting the server in single user mode -X, and see if
>you still see the same results.
>
>cliff
>
>Bill McCabe wrote:
>
>> Hi All
>>
>> I have a mod_perl module in which I am trying to make use of package
>> globals for relatively static data. The code is in essence the following:
>>
>> package Apache::repsys;
>> #File Apache/repsys.pm
>>
>> use strict;
>> use Apache::Constants qw(:common);
>>
>> my ($var1, $var2);
>>
>> sub handler {
>> my $r = shift;
>>
>> #generate string with org_cd selections HTML
>> &set_var1($r, \$var1) unless defined $var1;
>>
>> ...
>>
>> }
>>
>> sub set_var1
>> {
>> my $r = shift;
>> my $var1_ref = shift;
>>
>> $r->log_error("Setting var1");
>> $$var1_ref = "HTML string here";
>> }
>>
>> Accorging to (my understanding of) the Apache Modules book, $var1 should
>> stay set between calls to handler() (cf. Apache::ESSI). The module works
>> great except that my logs show set_var1() is getting hit every time the URL
>> is accessed, which is bad because the HTML string is set up by a
>> substantial call to a backend database. What am I missing/confusing?
>>
>> Thanks in advance
>>
>> Bill
>
>--
>___cliff [EMAIL PROTECTED]

Re: speed up/load balancing of session-based sites

[Perrin Harkins]

On Tue, 9 May 2000, Jeffrey W. Baker wrote:
> If you are using an RDBMS which has atomic operations, you can turn off
> locking in Apache::Session with no effect.

I think every RDBMS I've seen, includig MySQL, guarantees atomicity at
this level.

> On the subject of locking, I think that the daemon locker is going to be
> the fastest solution for a large-scale operation.  Currently, the
> semaphore locker is the slowest (and also only scales to one machine), and
> the file locker is only slightly better.

I saw in your previous announcement that you plan to support Berkeley DB 3
as a storage mechanism in your 1.5 release.  I've found the automatic
locking it does to be very efficient.  For single machine setups I suspect
it will outperform the other options.

- Perrin

Re: Cookies and redirection

[Alex Menendez]

not completely sure about real mod_perl. However, the following works
great using Apache::Registry and CGI:

print $query->header(-cookie=>[$id_cookie,$crypt_cookie],
 
-Location=>$query->param("redirect").'?name='.@$ref[1].'&last_login='.@$ref[3].'&site_id='.$query->
param('site_id'));

I think Apache::Request will work just in same manner.

-amen

On Tue, 9 May 2000, Robin Berjon wrote:

> At 00:13 09/05/2000 -0700, Perrin Harkins wrote:
> >Bill Desjardins wrote:
> >> I checked the archives and the guide to no avail, so here goes. I am
> >> having trouble setting a cookie in the header and then doing a
> >> redirect. The cookies are working fine every where, but if I add a cookie
> >> to $r->headers_out->add(), set a location via $r->headers_out(Location =>
> >> 'newrui') and return REDIRECT, I get no cookies being set. is this a bug,
> >> feature, or a feature of the wonderful world of incompatible browsers?
> >
> >This is a known problem with certain browsers.  The cookie will get set,
> >but will not get returned on this first redirect.  You could try putting
> >the cookie data in a query string and looking for it there when it isn't
> >in the cookie.
> 
> Isn't there a work-around consisting of making 100% sure the cookie is sent
> before the Location header ?
> 
> 
> 
> .Robin
> All paid jobs absorb and degrade the mind. -- Aristotle
> 

Re: package globals?

[___cliff rayman___]

are you hitting the same child process over and over again?
try starting the server in single user mode -X, and see if
you still see the same results.

cliff

Bill McCabe wrote:

> Hi All
>
> I have a mod_perl module in which I am trying to make use of package
> globals for relatively static data. The code is in essence the following:
>
> package Apache::repsys;
> #File Apache/repsys.pm
>
> use strict;
> use Apache::Constants qw(:common);
>
> my ($var1, $var2);
>
> sub handler {
> my $r = shift;
>
> #generate string with org_cd selections HTML
> &set_var1($r, \$var1) unless defined $var1;
>
> ...
>
> }
>
> sub set_var1
> {
> my $r = shift;
> my $var1_ref = shift;
>
> $r->log_error("Setting var1");
> $$var1_ref = "HTML string here";
> }
>
> Accorging to (my understanding of) the Apache Modules book, $var1 should
> stay set between calls to handler() (cf. Apache::ESSI). The module works
> great except that my logs show set_var1() is getting hit every time the URL
> is accessed, which is bad because the HTML string is set up by a
> substantial call to a backend database. What am I missing/confusing?
>
> Thanks in advance
>
> Bill

--
___cliff [EMAIL PROTECTED]

Re: growing processes

[Wim Kerkhoff]

Hmm, I may give that a try. 

My main issue was all the memory it was taking 10 mod_perl process taking
up 512+ MB of memory is just not right.

I was thinking that they way I was passing the database handle $dbh between
functions was actually making a copy of the connection instead of a pointer to
it, which could possible screw up Apache::DBI.

Am I off track here?

On 09-May-2000 [EMAIL PROTECTED] wrote:
> Use vars is a tiny bit slower than fully qualifying varibles.
> 
> my $__PACKAGE__::var
> beats
> use vars qw/ $var /;

Regards,

Wim Kerkhoff, Software Engineer
NetMaster Networking Solutions
[EMAIL PROTECTED]

Re: speed up/load balancing of session-based sites

[G.W. Haywood]

Hi there,

On Tue, 9 May 2000, Leslie Mikesell wrote:

> I'm more concerned about dealing with large numbers of simultaneous
> clients (say 20,000 who all hit at 10 AM) and I've run into problems
> with both dbm and mysql where at a certain point of write activity
> you basically can't keep up.  These problems may be solvable but
> timings just below the problem threshold don't give you much warning
> about what is going to happen when your locks begin to overlap. 

Can you use a RAMdisk?

73,
Ged.

Re: OT: Re: Most nonesense I've ever read about mod_perl

[Tim DiLauro]

On Tue, 9 May 2000, Keith G. Murphy wrote:

> Date: Tue, 09 May 2000 09:43:29 -0500
> From: Keith G. Murphy <[EMAIL PROTECTED]>
> To: mod_perl <[EMAIL PROTECTED]>
> Subject: Re: OT: Re: Most nonesense I've ever read about mod_perl
> 
> Frank Mayhar wrote:
> > 
> > Matt Sergeant wrote:
> > > On Sun, 7 May 2000, Frank Mayhar wrote:
> > > > Perl does have some good constructs for Web work, too.  I've been writing
> > > > a webstore and some stuff is really convenient that would be inconvenient
> > > > in C.  On the other hand, there's some stuff that I just wouldn't use Perl
> > > > for, like, say, a system daemon, and there's other stuff that I _can't_ use
> > > > it for, like in the kernel.
> > > Do a web search for perlfs - yes someone really did embed perl into the
> > > Linux kernel ;-)
> > 
> > Kill them.  Kill them now.
> > --
> Don't forget the wooden stake through their hearts.
> 
> But, given that Perl has such odd but useful syntax, I've always wanted
> to see core Perl in *firmware*.  Think how mod_perl could fly!  :-)
> 
> But then, I enjoyed the C64 with its embedded Basic.  I liked it more
> when I put that Comal cartridge in there.  Yeah, kill me.  Kill me now.


Perl isn't actually imbeded in the kernel.  The kernel module calls Perl in user
space.

-timmo

-- 
---
Tim DiLauro  Milton S. Eisenhower Library
Digital Knowledge Center Johns Hopkins University
(410) 516-5263   3400 N. Charles Street
[EMAIL PROTECTED]Baltimore, MD  21218
---

Re: how to get Devel::Symdump working with mod_perl code?

[Tom Roche]

On Thu, 4 May 2000, Tom Roche wrote:
>> I'm trying to use Devel::Symdump to document code, 
>> Unfortunately Loader, or rather Perl, is having a problem with
>> Apache::DBI.pm. The first source file require's OK. The second
>> source file, GetDBs.pm, use's Apache::DBI(), line 202 of which is

>>> ) if ($INC{'Apache.pm'} and Apache->module('Apache::Status'));

Doug MacEachern <[EMAIL PROTECTED]> 5/5/00 6:11:43 PM >>>
> that's because Apache::module is only defined when you're running
> inside httpd. that line should be something like:

> if ($INC{'Apache.pm'} and $ENV{MOD_PERL} and
Apache->module('Apache::Status'));

> to work inside and outside httpd.

Thanks! That fix got me past that problem ... but only to the next
problem. Apparently httpd, mod_perl, etc are doing many things "behind
the scenes" which a "normal" Perl doesn't do (presumably unless told).
E.g. I'm now getting

> Can't locate loadable object for module Apache::Symbol in @INC (@INC
> contains: c:/Perls/ActivePerl522/site/lib/Apache/DBI
> c:/Perls/ActivePerl522/site/lib/Apache c:/Perls/ActivePerl522/lib
> c:/Perls/ActivePerl522/site/lib .) at
> c:/Perls/ActivePerl522/lib/IO/File.pm line 109

despite the fact that Symbol.pm is in
c:/Perls/ActivePerl522/site/lib/Apache, which is in @INC. Which returns
me to the original problem:

What does one need to do to run Devel::Symdump (for documentation
purposes) on code written to run (and running) under mod_perl? I'm
currently running a driver that require's/use's the relevant scripts,
and another driver that calls Symdump on them, under a "normal" Perl
process outside of Apache. If there's a way to run Symdump inside
Apache, I'd appreciate how-to's, or pointers to same.

Can someone provide, or point me to, as comprehensive a list as
possible of what needs to be done?

Please reply directly to me as well as the list/group, and
TIA, [EMAIL PROTECTED] 

Re: Newbie Question -

[Drew Taylor]

Geoffrey Young wrote:
>
> > Drew Taylor wrote:
> > I'm quite sure it would be an easy write, but I just haven't done it
> > yet. I think once I convert my CGIs to handlers, it makes
> > sense to do it
> > then. It would be interesting to see if anyone else is interested and
> > work out an API for the most commonly used methods. I work in a small
> > shop, so it would probably not be a big deal to get any resulting code
> > released to the world. Of course, then I have to learn how to create a
> > distributible package... :-)
> 
> for guidance on how to contribute your stuff, read
> http://perl.apache.org/src/apache-modlist.html
> 
> specifically:
> 
> HINT: For a nice set of template files try this:
> 
> % h2xs -AX -n Apache::YourPackageName
I'll be sure to remember that. Thanks for the pointer. Hopefully I can
contribute something back to the community. After all, it gave me
mod_perl. :-)

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/

Re: growing processes

[Wim Kerkhoff]

On 08-May-2000 Jeff Beard wrote:
> Not strange, a memory leak. You've got some bad code. If you have a program 
> that you've been twiddling with recently, that would be the place to start 
> looking.

The thing is, It's been doing this since I started coding on things... 

I just clicked into a few things in read the guide...

Is doing the things below terribly bad?  We're actually doing 90% of the
stuff in embperl, but we ran into problems in scoping when using my (), so we
switched to use vars.

#!/usr/bin/perl -w

# some sample code
use strict;
use MyStuff;
use vars qw ($dbh $foo $bar $sql $sth $rc);

$dbh = dbConnect;

sub something {
$foo = "somevvar";
$sth = $dbh->prepare("some sql code");
$sth->execute();
$bar = $sth->fetchrow();
$sth->finish;
}

--

package MyStuff;

use strict;
use DBI;

# export dbConnect, etc

sub dbConnect {
my $dbh = DBI->connect(args,to,dbi);
return $dbh;
}
1;
# end of MyStuff;
---

Regards,

Wim Kerkhoff, Software Engineer
NetMaster Networking Solutions
[EMAIL PROTECTED]

Re: [OT] Great book!

[Clayton Cottingham aka DrFrog]

another great one ive yet to purchase is object oriented perl
there is some sample chapters 
online somewhere



"J. J. Horner" wrote:
> 
> Well, in an effort to improve my effectiveness when coding perl, I bought
> 
> "Effective Perl Programming" by Hall w/ Schwartz.
> 
> I must say, I am enjoying this book.  It appears to be one of the few tech
> books that I can read front to back and be engaged from start to
> finish.  I bought it Sunday, and I'm already half way through.  I may have
> to go through again to cement the concepts, but the text is informative,
> the concepts are enlightening, and the code examples are as relevant as
> I've seen in any book on programming.
> 
> I give this book 4 1/2 'J's out of 5.
> 
> --
> J. J. Horner
> Apache, Perl, Unix, Linux
> [EMAIL PROTECTED] http://www.knoxlug.org/

RE: Newbie Question -

[Geoffrey Young]

> -Original Message-
> From: Drew Taylor [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 09, 2000 9:08 AM
> To: Peter Haworth
> Cc: [EMAIL PROTECTED]
> Subject: Re: Newbie Question -
> 
> 
> Peter Haworth wrote:
> > 
> > Drew Taylor wrote:
> > > What I would really like is a module which subclasses 
> Apache::Request,
> > > and has the popup_menu, scrolling_list, and checkbox group methods
> > > available. That way I can use the smaller (faster) 
> Apache::Request and
> > > still have the few HTML generation methods that I need. 
> This would be
> > > similar to Apache::RequestNotes. One day I'll actually do 
> it when I
> > > convert my CGI scripts to perl handlers...
> > 
> > I've written one, but to get it released on CPAN would mean 
> months of legal
> > wrangling, which I'm already going through with my shared 
> cache module.
> > It's easy enough to write for yourself though. Plus you get 
> to restrict the API
> > to one style which makes your code much simpler and faster 
> than CGI.pm
> I'm quite sure it would be an easy write, but I just haven't done it
> yet. I think once I convert my CGIs to handlers, it makes 
> sense to do it
> then. It would be interesting to see if anyone else is interested and
> work out an API for the most commonly used methods. I work in a small
> shop, so it would probably not be a big deal to get any resulting code
> released to the world. Of course, then I have to learn how to create a
> distributible package... :-)

for guidance on how to contribute your stuff, read
http://perl.apache.org/src/apache-modlist.html

specifically:

HINT: For a nice set of template files try this: 

% h2xs -AX -n Apache::YourPackageName

HTH

--Geoff

> 
> -- 
> Drew Taylor
> Vialogix Communications, Inc.
> 501 N. College Street
> Charlotte, NC 28202
> 704 370 0550
> http://www.vialogix.com/
> 

RE: Determining TARGET frame

[Wim Kerkhoff]

On 09-May-2000 [EMAIL PROTECTED] wrote:
> I'm working on my own site with mod_perl and mason.
> 
> I want cookie exchange ONLY with one particular frame.
> 
> I *could* simply just maintain a list of pages that might
> validly be in the paricular frame, but I'd prefer something
> like...
> 
> Is there any method for the Apache::Request object or it's 
> Mason counterpart that will show me what the target frame
> on the user's browser the request is being made for?
> 
> Maybe not.

Cookies, AFAIK, don't allow this.  You could do a couple of things to get
around this... Go by path (store each frame in a different path, and send
"Set-Cookie: name=value; path=/framename", or store the frame name in the value
of the cookie and make a loop that gets all the cookies, splits on a separator,
and disards cookies that you don't want...

Regards,

Wim Kerkhoff, Software Engineer
NetMaster Networking Solutions
[EMAIL PROTECTED]

Re: Newbie Question -

[Peter Haworth]

Drew Taylor wrote:
> What I would really like is a module which subclasses Apache::Request,
> and has the popup_menu, scrolling_list, and checkbox group methods
> available. That way I can use the smaller (faster) Apache::Request and
> still have the few HTML generation methods that I need. This would be
> similar to Apache::RequestNotes. One day I'll actually do it when I
> convert my CGI scripts to perl handlers...

I've written one, but to get it released on CPAN would mean months of legal
wrangling, which I'm already going through with my shared cache module.
It's easy enough to write for yourself though. Plus you get to restrict the API
to one style which makes your code much simpler and faster than CGI.pm

-- 
Peter Haworth   [EMAIL PROTECTED]
"Psychos do not explode when sunlight hits them.
 I don't give a f**k how crazy they are."
-- Seth Gecko, _From Dusk Till Dawn_

Re: [OT] Great book!

[Randal L. Schwartz]

> "J" == J J Horner <[EMAIL PROTECTED]> writes:

J> Well, in an effort to improve my effectiveness when coding perl, I bought 
J> "Effective Perl Programming" by Hall w/ Schwartz.

J> I give this book 4 1/2 'J's out of 5.

Thank you.  I don't think Joseph reads this list, so I'll be sure to
pass it on to him.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: [mod_perl] Mini HOWTO

[Erich L. Markert]

One tiny problem...

Most of the document isn't viewable from Netscape 4.72

Nelson Correa de Toledo Ferraz wrote:
> 
> Hi,
> 
> I've just finished a mod_perl mini HOWTO. It will help developers to
> install mod_perl and _configure_ it. Please let me know if you have any
> idea to improve this document.
> 
> http://www.insite.com.br/~nferraz/projetos/mod_perl.html
> 
> See you,
> 
> Nelson
> 
> __
> Nelson Ferraz   Insite - Solucoes Internet
> e-mail: [EMAIL PROTECTED]   http://www.insite.com.br/

--
__
Mr. Erich L. Markert [EMAIL PROTECTED]
Computer Learning Center TEL (914)422-4328
Pace University
1 Martine Ave
White Plains, New York 10606-1932

Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer

Re: [OT] Great book!

[Ben Reed]

> Well, in an effort to improve my effectiveness when coding perl, I bought
>
> "Effective Perl Programming" by Hall w/ Schwartz.

Nah, Randal Schwartz came and taught for us at State Farm and he doesn't know
what he's talking about.  He just... what?  He reads this list?  Oh, hi, Randal!
:)

I'm kidding, I'll second that.  It's a very good book.



---
Ben Reed a.k.a. Ranger Rick
http://defiance.dyndns.org/
[EMAIL PROTECTED]

Re: [Mason]Determining TARGET frame

[Ian Kallen]

Clients don't inform the server of what frame a click originates frame,
you'd have to have a query string or URL based session mgt setup and do it
yourself.  You can direct the client what window/frame to load a response
in with a "Window-target" header but that's about all you can do.  OK,
back to Mason and mod_perl
-Ian

Today, [EMAIL PROTECTED] <[EMAIL PROTECTED]> frothed and gesticulated...:
> I'm working on my own site with mod_perl and mason.
> 
> I want cookie exchange ONLY with one particular frame.
> 
> I *could* simply just maintain a list of pages that might
> validly be in the paricular frame, but I'd prefer something
> like...
> 
> Is there any method for the Apache::Request object or it's 
> Mason counterpart that will show me what the target frame
> on the user's browser the request is being made for?
> 
> Maybe not.
> 
> 
> 
> ___
> Mason maillist  -  [EMAIL PROTECTED]
> http://netizen.com.au/mailman/listinfo/mason
> 

--
Salon Internet  http://www.salon.com/
  Manager, Software and Systems "Livin' La Vida Unix!"
Ian Kallen <[EMAIL PROTECTED]> / AIM: iankallen / Fax: (415) 354-3326 

[mod_perl] Mini HOWTO

[Nelson Correa de Toledo Ferraz]

Hi,

I've just finished a mod_perl mini HOWTO. It will help developers to
install mod_perl and _configure_ it. Please let me know if you have any
idea to improve this document.

http://www.insite.com.br/~nferraz/projetos/mod_perl.html

See you,

Nelson

__
Nelson Ferraz   Insite - Solucoes Internet
e-mail: [EMAIL PROTECTED]   http://www.insite.com.br/

Re: OT: Re: Most nonesense I've ever read about mod_perl

[Keith G. Murphy]

Frank Mayhar wrote:
> 
> Matt Sergeant wrote:
> > On Sun, 7 May 2000, Frank Mayhar wrote:
> > > Perl does have some good constructs for Web work, too.  I've been writing
> > > a webstore and some stuff is really convenient that would be inconvenient
> > > in C.  On the other hand, there's some stuff that I just wouldn't use Perl
> > > for, like, say, a system daemon, and there's other stuff that I _can't_ use
> > > it for, like in the kernel.
> > Do a web search for perlfs - yes someone really did embed perl into the
> > Linux kernel ;-)
> 
> Kill them.  Kill them now.
> --
Don't forget the wooden stake through their hearts.

But, given that Perl has such odd but useful syntax, I've always wanted
to see core Perl in *firmware*.  Think how mod_perl could fly!  :-)

But then, I enjoyed the C64 with its embedded Basic.  I liked it more
when I put that Comal cartridge in there.  Yeah, kill me.  Kill me now.

Re: speed up/load balancing of session-based sites

[Jeffrey W. Baker]

> I'm more concerned about dealing with large numbers of simultaneous
> clients (say 20,000 who all hit at 10 AM) and I've run into problems
> with both dbm and mysql where at a certain point of write activity
> you basically can't keep up.  These problems may be solvable but
> timings just below the problem threshold don't give you much warning
> about what is going to happen when your locks begin to overlap. 

If you are using an RDBMS which has atomic operations, you can turn off
locking in Apache::Session with no effect.  The current locking scheme in
Apache::Session only prevents scrambling the data in non-atomic backing
stores like the disk.  You can turn locking off by using the NullLocker
class.

Version 1.5 has an option (called Transaction) which provides
transactional read consistency.  This is achieved by competely serializing
all access.  When this option is set, the session object gains an
exclusive lock before reading its contents from the backing store, and
holds the exclusinve lock until the object is destroyed.

On the subject of locking, I think that the daemon locker is going to be
the fastest solution for a large-scale operation.  Currently, the
semaphore locker is the slowest (and also only scales to one machine), and
the file locker is only slightly better.

-jwb

[OT] Great book!

[J. J. Horner]

Well, in an effort to improve my effectiveness when coding perl, I bought 

"Effective Perl Programming" by Hall w/ Schwartz.

I must say, I am enjoying this book.  It appears to be one of the few tech
books that I can read front to back and be engaged from start to
finish.  I bought it Sunday, and I'm already half way through.  I may have
to go through again to cement the concepts, but the text is informative,
the concepts are enlightening, and the code examples are as relevant as
I've seen in any book on programming.

I give this book 4 1/2 'J's out of 5.



-- 
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http://www.knoxlug.org/

Re: Cookies and redirection

[Wim Kerkhoff]

On 09-May-2000 Perrin Harkins wrote:
> Bill Desjardins wrote:
>> I checked the archives and the guide to no avail, so here goes. I am
>> having trouble setting a cookie in the header and then doing a
>> redirect. The cookies are working fine every where, but if I add a cookie
>> to $r->headers_out->add(), set a location via $r->headers_out(Location =>
>> 'newrui') and return REDIRECT, I get no cookies being set. is this a bug,
>> feature, or a feature of the wonderful world of incompatible browsers?
> 
> This is a known problem with certain browsers.  The cookie will get set,
> but will not get returned on this first redirect.  You could try putting
> the cookie data in a query string and looking for it there when it isn't
> in the cookie.
> 
> - Perrin

Here's how I got it work to flawlessly (probably not the 'correct' way of doing
it, though :)

$r->send_cgi_header(<

Re: speed up/load balancing of session-based sites

[Leslie Mikesell]

According to Tom Mornini:

> > There must be some size where
> > the data values are as easy to pass as the session key, and some
> > size where it becomes slower and more cumbersome.  Has anyone
> > pinned down the size where a server-side lookup starts to win?
> 
> I can't imagine why anyone would pin a website's future to a session
> system that has a maximum of 1k or 2k of session storage potential!

Using cookies where they work doesn't prevent you from using
another mechanism where you need it.  Conceptually, I think
things like user preferences 'belong' on the user's machine
and should be allowed to be different from one machine/browser
to another for the same user.  Things like a shopping cart
in progress might belong on the server.

> We use a custom written session handler that uses Storable for
> serialization. We're storing complete results for complex select
> statements on pages that require "paging" so that the complex select only
> happens once. We store user objects complete, and many multi-level complex
> data structures at whim.

What kind of traffic can you support with this?

> Limiting yourself to cookie size limitation would be a real drag.

I'm more concerned about dealing with large numbers of simultaneous
clients (say 20,000 who all hit at 10 AM) and I've run into problems
with both dbm and mysql where at a certain point of write activity
you basically can't keep up.  These problems may be solvable but
timings just below the problem threshold don't give you much warning
about what is going to happen when your locks begin to overlap. 

  Les Mikesell
   [EMAIL PROTECTED]

newbie problem..

[Kiran Banoor]

hi,

The present system is having the following access control system.
If the request is from a perticular ip address/domain name mentioned in
config file
it will give access directly with out authenticating (like asking for user
name /password)
else it will promte for user name /password for authentication and this is
working file.

So,now the requirement is instead of giving unlimited access for all the
requests coming
from any domain mentioned in config file i want to limit the number of
sessions so that
if the limit exceeds i don't want to give the access.so, for this i have
written an handler in
mod_perl and put it in  in httpd.conf file but the problem is
when i return the file from my handler using send_fd(filehandle) it returns
the document but it will not parse the
ssis or gif images in the document so is there any way were in i can send
the document with ssis
and images.I highly appreciate u'r help.


Thank you
regards
kiran

Re: Newbie Question -

[Drew Taylor]

Peter Haworth wrote:
> 
> Drew Taylor wrote:
> > What I would really like is a module which subclasses Apache::Request,
> > and has the popup_menu, scrolling_list, and checkbox group methods
> > available. That way I can use the smaller (faster) Apache::Request and
> > still have the few HTML generation methods that I need. This would be
> > similar to Apache::RequestNotes. One day I'll actually do it when I
> > convert my CGI scripts to perl handlers...
> 
> I've written one, but to get it released on CPAN would mean months of legal
> wrangling, which I'm already going through with my shared cache module.
> It's easy enough to write for yourself though. Plus you get to restrict the API
> to one style which makes your code much simpler and faster than CGI.pm
I'm quite sure it would be an easy write, but I just haven't done it
yet. I think once I convert my CGIs to handlers, it makes sense to do it
then. It would be interesting to see if anyone else is interested and
work out an API for the most commonly used methods. I work in a small
shop, so it would probably not be a big deal to get any resulting code
released to the world. Of course, then I have to learn how to create a
distributible package... :-)

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/

Re: Cookies and redirection

[Perrin Harkins]

On Tue, 9 May 2000, Robin Berjon wrote:

> At 00:13 09/05/2000 -0700, Perrin Harkins wrote:
> >Bill Desjardins wrote:
> >> I checked the archives and the guide to no avail, so here goes. I am
> >> having trouble setting a cookie in the header and then doing a
> >> redirect. The cookies are working fine every where, but if I add a cookie
> >> to $r->headers_out->add(), set a location via $r->headers_out(Location =>
> >> 'newrui') and return REDIRECT, I get no cookies being set. is this a bug,
> >> feature, or a feature of the wonderful world of incompatible browsers?
> >
> >This is a known problem with certain browsers.  The cookie will get set,
> >but will not get returned on this first redirect.  You could try putting
> >the cookie data in a query string and looking for it there when it isn't
> >in the cookie.
> 
> Isn't there a work-around consisting of making 100% sure the cookie is sent
> before the Location header ?

Not with MSIE.  At least it didn't work for me.
- Perrin

package globals?

[Bill McCabe]

Hi All

I have a mod_perl module in which I am trying to make use of package
globals for relatively static data. The code is in essence the following:

package Apache::repsys;
#File Apache/repsys.pm

use strict;
use Apache::Constants qw(:common);

my ($var1, $var2);

sub handler {
my $r = shift;

#generate string with org_cd selections HTML
&set_var1($r, \$var1) unless defined $var1;

...

}

sub set_var1
{
my $r = shift;
my $var1_ref = shift;

$r->log_error("Setting var1");
$$var1_ref = "HTML string here";
}

Accorging to (my understanding of) the Apache Modules book, $var1 should
stay set between calls to handler() (cf. Apache::ESSI). The module works
great except that my logs show set_var1() is getting hit every time the URL
is accessed, which is bad because the HTML string is set up by a
substantial call to a backend database. What am I missing/confusing?

Thanks in advance

Bill

Determining TARGET frame

[JoshNarins]

I'm working on my own site with mod_perl and mason.

I want cookie exchange ONLY with one particular frame.

I *could* simply just maintain a list of pages that might
validly be in the paricular frame, but I'd prefer something
like...

Is there any method for the Apache::Request object or it's 
Mason counterpart that will show me what the target frame
on the user's browser the request is being made for?

Maybe not.

Re: speed up/load balancing of session-based sites

[Jeffrey W. Baker]

On Tue, 9 May 2000, Gunther Birznieks wrote:
> As far as I knew Apache::Session has never even had anything to do with 
> cookies. It is a persistent storage mechanism where the session "handle" is 
> a uniquely generated ID.
> 
> What you are interested in is a Session "manager" which understands how to 
> deal with the workflow around using a persistent storage mechanism. If you 
> want to play with a sample set of modules to do this you may visit 
> http://www.extropia.com/ExtropiaObjects/
> 
> The SessionManager code hierarchy provides plug and play cookie, path info, 
> and hidden form variable session managers that wrap around a session 
> hierarchy (of which 90% is wrapped around Apache::Session as the persistent 
> storage mechanism).
> 
> SessionManager's belong in a different hierarchy than Session because you 
> don't want to couple the storage mechanism to the type of data... eg 
> Someone may want cookies with file based essions, another person might want 
> path info with database sessions, and yet another person might want a 
> cookie based session with database storage. etc...

By the by, I have read through and used Gunther's SessionManager code, and
I heartily endorse it.  It is a useful piece of programming.  There is
also considerable documentation in book form.

Cheers,
Jeffrey

"require"ing another script?

[Jim Serio]

I recall that files processed with require and
use are processed once (unless you use StatINC,
but that's irrelevant to my problem). Is there
a safe/efficient way to call another script from
within a mod_perl script? Or is this extremely
inefficient? My other solution would be modularize
the second script but it's use is pretty limited
and i'd prefer it be stand-alone.

Jim

Re: growing processes

[Wim Kerkhoff]

On 09-May-2000 Perrin Harkins wrote:
> On Mon, 8 May 2000, Wim Kerkhoff wrote:
>> On a fresh restart of apache, my processes are about 20 ~ 25 MB each,
>> which is about normal for mod_perl (as far as I know).  However,
>> within a few hours (with little use except by our development team),
>> the size is up to 40MB, and by the end of the day up to 60, 70, even
>> 90MB each.
> 
> You're probably doing something that is causing certain variables to have
> temporarily large values.  As always, start with the guide:
> 
> http://perl.apache.org/guide/performance.html#Memory_leakage
> 
> You should also make sure you're doing the usual pre-loading and other
> suggestions from this section of the guide.  You may find the section in
> the camel book on optimizing for size useful as well.
> 
> - Perrin

Ok, I'm going to go check that out right away.

Could this have anything to do with it?

[Tue May  9 09:39:50 2000] [error] DBI->connect failed: ORA-00604: error occurre
d at recursive SQL level 1
ORA-00018: maximum number of sessions exceeded (DBD ERROR: OCISessionBegin) at /
var/rubberoven.com/lib/nmSql.pm line 61

We're using SqlNet to connect multiple Linux web servers to Oracle running on a
Solaris box.

Regards,

Wim Kerkhoff, Software Engineer
NetMaster Networking Solutions
[EMAIL PROTECTED]

Re: speed up/load balancing of session-based sites

[Differentiated Software Solutions Pvt. Ltd.]

Hi,

Reading thorough this interesting posting, I want to focus back on tying
session data across a network.

We are facing a similar problem on our service, which is currently based on
a single server. We're enabled the app. so that it is mirrored on a periodic
basis across a range of servers. Any server can service the first call, but
we would like to ensure that the subsequent calls are serviced by the same
server who answered the first http call. If not, then I have store what the
user had done in the previous calls and this should be accessible to all the
servers.

As I understand from this discussion we have 2 methods involving creating a
session-server which will store all session data.
a) NFS mount a server which will store all session data
b) Have a DB in this server which stores this data. Through a network
connect to the DB and retrieve the info.

My questions
a) Is NFS mount unreliable... esp if the number of hits in each server will
go upto 20 per second. Does this place a limit on the number of servers
which can be connected to the session server.
b) There's lots of chat about Oracle connection slow. Is this a general user
experience. We've got our app. written using Postgres. We had problems
(quite severe) in the initial days. We've somewhat stabilized by getting to
know all quirks of postgres. For a very high-hit site is it wise to switch
to Oracle.
We've solved lots of performance problems, but still find Pg reliability a
bit questionable.
c) How are Oracle connections across network.
Other than having a common session server (which will also hit limits if too
many site-servers) are there any other ways to have a really scaleable
solution to this problem.
Isn't cookies much more scaleable that the session server.

Thanks,

Murali

-Original Message-
From: Leon Brocard <[EMAIL PROTECTED]>
To: 'Jeffrey W. Baker' <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: 09 May 2000 16:54
Subject: RE: speed up/load balancing of session-based sites


>> -Original Message-
>> From: Jeffrey W. Baker [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, May 08, 2000 9:19 PM
>> To: Leslie Mikesell
>> Cc: Jeffrey W. Baker; Greg Stark; [EMAIL PROTECTED]
>> Subject: Re: speed up/load balancing of session-based sites
>>
>>
>> On Mon, 8 May 2000, Leslie Mikesell wrote:
>>
>> > According to Jeffrey W. Baker:
>> >
>> > > > I keep meaning to write this up as an Apache:: module,
>> but it's pretty trivial
>> > > > to cons up an application-specific version. The only
>> thing this doesn't
>> > > > provide is a way to deal with large data structures.
>> But generally if the
>> > > > application is big enough to need such data structures
>> you have a real
>> > > > database from which you can reconstruct the data on
>> each request, just store
>> > > > the state information in the cookie.
>> > >
>> > > Your post does a significant amount of hand waving
>> regarding people's
>> > > requirements for their websites.  I try to keep an open
>> mind when giving
>> > > advice and realize that people all have different needs.
>> That's why I
>> > > prefixed my advice with "On my sites..."
>> >
>> > Can anyone quantify this a bit?
>> >
>> > > On my sites, I use the session as a general purpose data
>> sink.  I find
>> > > that I can significantly improve user experience by
>> keeping things in the
>> > > session related to the user-site interaction.  These
>> session object
>> > > contain way more information than could be stuffed into a
>> cookie, even if
>> > > I assumed that all of my users had cookies turned on.
>> Note also that
>> > > sending a large cookie can significantly increase the size of the
>> > > request.  That's bad for modem users.
>> > >
>> > > Your site may be different.  In fact, it had better be! :)
>> >
>> > Have you timed your session object retrieval and the cleanup code
>> > that becomes necessary with server-session data compared to
>> > letting the client send back (via cookies or URL) everything you
>> > need to reconstruct the necessary state without keeping temporary
>> > session variables on the server?  There must be some size where
>> > the data values are as easy to pass as the session key, and some
>> > size where it becomes slower and more cumbersome.  Has anyone
>> > pinned down the size where a server-side lookup starts to win?
>jwb wrote:
>
>> I have really extensive benchmarks for every part of
>> Apache::Session.  These will be released with version 1.5,
>> which also includes more than fifty new unit tests.
>
>Cool. Strict benchmarking and testing is severely lacking in general
>in Perl modules.
>
>Apache::Session rocks, however the name doesn't describe the functionality
>of the module (it has nothing to do with Apache). Are there any plans
>to change it to "Persistent::Session" or some other name? I'm sure
>people are overlooking it because of this.
>
>Leon
>--
>Leon Brocard   |   perl "programmer"   |   [EMAIL PROTECTED]
>

Re: apache1.3.12, modperl1.23, perl5.6, ApacheJServ1.1, OpenSSL0.9.4, modssl

[G.W. Haywood]

Hi there,

On Mon, 8 May 2000 [EMAIL PROTECTED] wrote:

> I've expirienced similar problems on Solaris (2.6).  After a weeks
> worth of hours I feel confidant saying that the instability is from
> perl 5.6.0 NOT from mod_perl(1.23)
[snip]
> IMHO Solaris(2.6)Perl(5.6) just isn't fully cooked yet.

>From what I've seen Solaris is not much worse than any other OS for
bugs.  But Stas and I both reacted in the same way when 'perl -MCPAN'
tried to upgrade Perl 5.005_03 to 5.6.0 on our development machines.

We stopped it immediately.

It's just too new.  People who like being on the bleeding edge have a
lot of fun testing things so that the more pedestrian of us can have
more reliable products.  I like it that way, and I thank them.
 
There are no secrets about any of this.

I think you were brave indeed to jump into 5.6.0 so soon.  I'll leave
it for at least several months, and then I'll run it on a development
machine to start with.

> I'd just like to say that in this regard I didn't find Open Source
> very Open.  In fact things seemed quite corporate with the
> newsgroups and mailing lists saying "off topic for here" or even
> failing to post legitimate questions.

I can't agree with this.  You have to do a lot of homework if you are
to avoid wasting a lot of very valuable time that you have no right to
waste, and you can't blame people who tell you things for telling you
again if you didn't listen the first time.  But if you do the homework
and try your best to stick to the conventions you'll find tremendously
valuable resources.  Free.

> These products are getting so intertwined the definition of what
> topic belongs where begins to get mighty grey.

I _can_ agree with this.  And if you spend time reading this List you
will see, I'm sure, that its readers take a fairly relaxed view about
[OT] posts.  But you *do* have to do a bit of work if you are to earn
respect - anywhere.  I think it was Graucho Marx who said he didn't
want to join any club that would have him as a member...

> Then again maybe I just didn't read enough FAQs to ask the question
> the right way. I'm not wanting to start a flame war, just reporting
> it as I see it.

Don't sweat it, I'm sure no-one will be offended:)

73,
Ged.

BIG problem seems to be a LITTLE one is solved. THANKS for all comments.

[Christoph Haberberger]

See subject.

RE: To-Experts: BIG problem: my variables in nested subroutin

[Kees Vonk 7249 24549]

> QUESTION: But how should I transform the script, if the
> anonymous subs call each other?


Very simple little example:


#!/usr/bin/perl -w

use strict;

my $i = 0;

my $a;

my $b = sub { print "$i\n"; exit if $i++ >= 10; &$a };

$a = sub { print "$i\n"; exit if $i++ >= 10; &$b };

&$a;



Does that answer your question, or is there a reason you 
cannot do this?


Kees

Re: To-Experts: BIG problem: my variables in nested subroutines, whic h call each other

[shane]

I'm seconding Ime's suggestion, and adding one piece, you don't have
to use anonymous subroutines for everything..., that would be.., well,
a big pain.  Named subroutines where EVERYTHING it uses is passed in
via references.  Also it's return values are sent back via reference
as well.  References "under the covers" are pointers.  So if you were
to pass something to a perl function via a reference, like a hash, the
hash when it got back to it's calling context would be modified...,
this is pretty usefull.

(perldoc perlsub && perldoc perlref BTW)

The last thing is maybe you should look into isolating a lot of this
stuff into modules.  I'm sure your sub's are shared quite frequently
between many scripts..., well, there is no need to suck up all that
extra memory, just pull that into your own module set.

Thanks,
Shane.

The rule is... NO GLOBALS! :-)  Of course, every rule is made to
broken in certain situations.

Re: To-Experts: BIG problem: my variables in nested subroutines,whic h call each other

[Ime Smits]

| QUESTION: But how should I transform the script, if the anonymous subs call
| each other?
| I get always the following error:
| Undefined soubroutine &main:: called at  line .
| I don't know how to solve this. Is there any solution for this? Can I make
| any prototype defs for such subroutines?

A good programming practice is to never let
a sub {} depend nor use any variables which are not explicitly
passed to it. If severel subs should have some kind of globally
used structures to work with, explicitly pass it by reference
to each sub. If you follow that basic rule, you will write code
which is both maintainable and is perfectly suitable for a mod_perl
environment.

Ime

To-Experts: BIG problem: my variables in nested subroutines, which call each other

[Christoph Haberberger]

Hi!

I should migrate Perl-CGIs to mod_perl for performance reasons.
We use many subroutines in our CGIs, which read and write
global (my-defined) variables. Our plain subroutines are not nested,
but they are when the mod_perl wrapper is put around them at execution time.

In this special case, some values are not updated. You get this error:
Variable "$" will not stay shared at  line 
(#1)

This problem is also discribed under:
http://perl.apache.org/guide/perl.html#my_Scoped_Variable_in_Nested_S

This page says to convert all subroutines to "anonymous" subroutines.
This works fine, as long as anonymous subroutines call other anonymous
subs defined before. Ok, now you can order all subroutines, so that they are
always
defined before they are called.

QUESTION: But how should I transform the script, if the anonymous subs call
each other?
I get always the following error:
Undefined soubroutine &main:: called at  line .

I don't know how to solve this. Is there any solution for this? Can I make
any prototype defs for such subroutines?

BIG THANKS IN ADVANCE,
Christoph.

yLine Internet Services AG

Re: Cookies and redirection

[Robin Berjon]

At 00:13 09/05/2000 -0700, Perrin Harkins wrote:
>Bill Desjardins wrote:
>> I checked the archives and the guide to no avail, so here goes. I am
>> having trouble setting a cookie in the header and then doing a
>> redirect. The cookies are working fine every where, but if I add a cookie
>> to $r->headers_out->add(), set a location via $r->headers_out(Location =>
>> 'newrui') and return REDIRECT, I get no cookies being set. is this a bug,
>> feature, or a feature of the wonderful world of incompatible browsers?
>
>This is a known problem with certain browsers.  The cookie will get set,
>but will not get returned on this first redirect.  You could try putting
>the cookie data in a query string and looking for it there when it isn't
>in the cookie.

Isn't there a work-around consisting of making 100% sure the cookie is sent
before the Location header ?



.Robin
All paid jobs absorb and degrade the mind. -- Aristotle

RE: speed up/load balancing of session-based sites

[Leon Brocard]

> -Original Message-
> From: Jeffrey W. Baker [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 08, 2000 9:19 PM
> To: Leslie Mikesell
> Cc: Jeffrey W. Baker; Greg Stark; [EMAIL PROTECTED]
> Subject: Re: speed up/load balancing of session-based sites
> 
> 
> On Mon, 8 May 2000, Leslie Mikesell wrote:
> 
> > According to Jeffrey W. Baker:
> > 
> > > > I keep meaning to write this up as an Apache:: module, 
> but it's pretty trivial
> > > > to cons up an application-specific version. The only 
> thing this doesn't
> > > > provide is a way to deal with large data structures. 
> But generally if the
> > > > application is big enough to need such data structures 
> you have a real
> > > > database from which you can reconstruct the data on 
> each request, just store
> > > > the state information in the cookie.
> > > 
> > > Your post does a significant amount of hand waving 
> regarding people's
> > > requirements for their websites.  I try to keep an open 
> mind when giving
> > > advice and realize that people all have different needs.  
> That's why I
> > > prefixed my advice with "On my sites..."
> > 
> > Can anyone quantify this a bit?
> > 
> > > On my sites, I use the session as a general purpose data 
> sink.  I find
> > > that I can significantly improve user experience by 
> keeping things in the
> > > session related to the user-site interaction.  These 
> session object
> > > contain way more information than could be stuffed into a 
> cookie, even if
> > > I assumed that all of my users had cookies turned on.  
> Note also that
> > > sending a large cookie can significantly increase the size of the
> > > request.  That's bad for modem users.
> > > 
> > > Your site may be different.  In fact, it had better be! :)
> > 
> > Have you timed your session object retrieval and the cleanup code
> > that becomes necessary with server-session data compared to
> > letting the client send back (via cookies or URL) everything you
> > need to reconstruct the necessary state without keeping temporary
> > session variables on the server?  There must be some size where
> > the data values are as easy to pass as the session key, and some
> > size where it becomes slower and more cumbersome.  Has anyone
> > pinned down the size where a server-side lookup starts to win?
jwb wrote:

> I have really extensive benchmarks for every part of 
> Apache::Session.  These will be released with version 1.5,
> which also includes more than fifty new unit tests.

Cool. Strict benchmarking and testing is severely lacking in general
in Perl modules.

Apache::Session rocks, however the name doesn't describe the functionality
of the module (it has nothing to do with Apache). Are there any plans
to change it to "Persistent::Session" or some other name? I'm sure 
people are overlooking it because of this.

Leon
--
Leon Brocard   |   perl "programmer"   |   [EMAIL PROTECTED]

Re: Session management moudle suggestions?

[Francesc Guasch]

Stephen Zander wrote:
> 
> I've avoided session management like the plague until now (intranets
> let you get away with that sort of thing :)) but rolling out web-based
> LDAP is forcing session management upon me.
> 
> Other than Apache::Session what are my choices?  How well do any of
> these play with templating (Embperl, Mason et al)?
> 
I'm a very happy user of Apache::Session::DBI that works
very well with HTML::Mason

-- 
 - frankie -

Re: Cookies and redirection

[Perrin Harkins]

Bill Desjardins wrote:
> I checked the archives and the guide to no avail, so here goes. I am
> having trouble setting a cookie in the header and then doing a
> redirect. The cookies are working fine every where, but if I add a cookie
> to $r->headers_out->add(), set a location via $r->headers_out(Location =>
> 'newrui') and return REDIRECT, I get no cookies being set. is this a bug,
> feature, or a feature of the wonderful world of incompatible browsers?

This is a known problem with certain browsers.  The cookie will get set,
but will not get returned on this first redirect.  You could try putting
the cookie data in a query string and looking for it there when it isn't
in the cookie.

- Perrin