Re: Load Balancing, mod_proxy, rewrite problem
I think I had a similar problem. It's a while since I tackled it, so I might be wrong. In any case, I was having problems doing proxy with a rewritemap. My reason for wanting to do this was so I could use the weighting feature of rewritemaps to do weighted load balancing between frontend and backend apaches. I mailed Engelschall, but I hear he gets so much mail about mod_rewrite that it takes him years to respond. In any case, I have a patch to mod_rewrite that fixed the problem for me. The breakdown of the issue was that mod_rewrite wouldn't do a proxy on a subrequest. Be warned: I think this patch causes problems with the automatic adding of trailing /'s on URLs. Tom On Tue, May 14, 2002 at 12:19:44PM -0400, Perrin Harkins wrote: mire wrote: I have code like this: RewriteEngine On RewriteLog /var/site/rewrite.log RewriteMaplb prg:/tmp/lb RewriteRule ^/trta$ http://${lb:prvi|drugi} [proxy,last] and a perl script (a copy from mod_proxy manual) but it doesn't work, it seems like perl script is waiting indeffinetly for input. Sorry, this is not a mod_perl problem. You should try the general Apache user mailing lists, or see if there's a list or newsgroup for mod_rewrite. - Perrin -- Tom Lancaster Red Hat, Inc. [EMAIL PROTECTED] (510)-986-8770 x 354 This patch is necessary to allow rewriterules to be applied to subrequests when they are meant to be proxied. We need this to allow mod_include to get /apps/include/pane.html from the app servers by proxy. --- apache_1.3.19/src/modules/standard/mod_rewrite.c.proxy-subreq Wed Jan 31 20:12:26 2001 +++ apache_1.3.19/src/modules/standard/mod_rewrite.cWed May 23 16:39:47 2001 @@ -1604,10 +1604,10 @@ /* * Ignore this rule on subrequests if we are explicitly - * asked to do so or this is a proxy-throughput or a + * asked to do so or if this is a * forced redirect rule. */ if (r-main != NULL (p-flags RULEFLAG_IGNOREONSUBREQ || - p-flags RULEFLAG_PROXY || +/* p-flags RULEFLAG_PROXY || */ p-flags RULEFLAG_FORCEREDIRECT)) { continue;
Re: Load Balancing, mod_proxy, rewrite problem
On closer examination, I don't think this will solve your problem - this helps when you want to proxy something that's been included via mod_include. Tom On Tue, May 14, 2002 at 09:32:54AM -0700, Tom Lancaster wrote: I think I had a similar problem. It's a while since I tackled it, so I might be wrong. In any case, I was having problems doing proxy with a rewritemap. My reason for wanting to do this was so I could use the weighting feature of rewritemaps to do weighted load balancing between frontend and backend apaches. I mailed Engelschall, but I hear he gets so much mail about mod_rewrite that it takes him years to respond. In any case, I have a patch to mod_rewrite that fixed the problem for me. The breakdown of the issue was that mod_rewrite wouldn't do a proxy on a subrequest. Be warned: I think this patch causes problems with the automatic adding of trailing /'s on URLs. Tom On Tue, May 14, 2002 at 12:19:44PM -0400, Perrin Harkins wrote: mire wrote: I have code like this: RewriteEngine On RewriteLog /var/site/rewrite.log RewriteMaplb prg:/tmp/lb RewriteRule ^/trta$ http://${lb:prvi|drugi} [proxy,last] and a perl script (a copy from mod_proxy manual) but it doesn't work, it seems like perl script is waiting indeffinetly for input. Sorry, this is not a mod_perl problem. You should try the general Apache user mailing lists, or see if there's a list or newsgroup for mod_rewrite. - Perrin -- Tom Lancaster Red Hat, Inc. [EMAIL PROTECTED] (510)-986-8770 x 354 This patch is necessary to allow rewriterules to be applied to subrequests when they are meant to be proxied. We need this to allow mod_include to get /apps/include/pane.html from the app servers by proxy. --- apache_1.3.19/src/modules/standard/mod_rewrite.c.proxy-subreq Wed Jan 31 20:12:26 2001 +++ apache_1.3.19/src/modules/standard/mod_rewrite.c Wed May 23 16:39:47 2001 @@ -1604,10 +1604,10 @@ /* * Ignore this rule on subrequests if we are explicitly - * asked to do so or this is a proxy-throughput or a + * asked to do so or if this is a * forced redirect rule. */ if (r-main != NULL (p-flags RULEFLAG_IGNOREONSUBREQ || - p-flags RULEFLAG_PROXY || +/* p-flags RULEFLAG_PROXY || */ p-flags RULEFLAG_FORCEREDIRECT)) { continue; -- Tom Lancaster Red Hat, Inc. [EMAIL PROTECTED] (510)-986-8770 x 354
Re: templating benchmarks...
This benchmark can be very non-representive. If you don't know how to optimize each and every thing under test, you end up with unfair benchmark and come to potentially wrong conclusions. Take TT, add compiled template caching on the disk and shared TT object and I bet TT won't be at the bottom. In any case always remember that it's extremely hard to run a fair benchmark. I'd say it's almost impossible. The only fair benchmarking can be done if you know all the in's and out's of the 'things' under test and provide many benchmark tests each exploring a single property and not just 'one for all' benchmark. Of course it's a good thing to have benchmarks, but they all should be taken with a grain of salt. Absolutely. But I'd like to bring up something I've noticed in benchmarking 'real' sites: many, if not all, of the templating solutions appear to parse the whole of an html page. This is at least true of Apache::ASP and HTML::Mason, which I have used. Is it not ? I have produced really dramatic differences in performance in a two-tier setup by judicious use of mod_include vs. wholesale proxying of pages with dynamic content through to the mod_perl/Apache::ASP server. For example: In a situation with 1 lightweight frontend proxy and two backend mod_perl/Apache::ASP app servers ( with load distributed evenly using a patched mod_rewrite and its ability to select randomly from a list in a file ) , in one part of the site the dynamic headers and footers are generated by using !--#include virtual=/apps/include/pane.html?pane=headerlocation=$REQUEST_URI --, where the file being included is in fact proxied back to the app servers to receive content; in other parts of the site similarly simple pages are proxied in their entirety to the app servers. The results I can produce ( granted only with 'ab' ) are stunningly different: when I request the header and footer from the app servers using mod_include plus my modified mod_rewrite ( the stock version refuses to rewrite proxied requests ), I get up to 600 requests / second. When proxying the whole page through I get around 6 requests / second. Granted, I have other major bottlenecks involved: using Berkeley DB v1.x for session state, for one. Perhaps this explains some of it -- maybe the proxied header/footer requests never make session calls. I suspect that the wholesale parsing/eval-ing of html pages also plays a part. What do y'all think ? Tom _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://apachetoday.com http://eXtropia.com/ http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: Connection to MySQL DB fails when mod_perl enabled...
I appreciate what you were looking for Ken. But that's the point - I don't get an error string. All I get is an Internal Server Error. Sorry if I'm pointing out the obvious, but that's what you usually see in the browser. The real error message will be in your apache logs, quite often in /var/log/httpd/error_log, but defined in your apache configuration. -- Tom Lancaster Red Hat, Inc. [EMAIL PROTECTED] (510)-986-8770 x 354
Re: RFC: mod_perl advocacy project resurrection
Certification's are really hard and really expensive to do and pretty much crap even done well. We don't want anything to do with it. (IMO) - ask If you want to check if someone's certifiable, just search for their name in the archives of this list. Anyone you would want to hire has probably contributed something here. No pun intended, BTW. -- Tom Lancaster Red Hat, Inc. Web Engineer(415) 777-9810 x 228 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: two identical directives in Perl configuration
I think require = ["group payer_manager", "payer_group demo"] should do it. On Fri, Nov 17, 2000 at 01:11:09PM -0500, Adi Fairbank wrote: Say I have a $Directory{} configuration in a Perl section like so: $Directory{"/home/httpd/html-ssl/demo"} = { SetHandler = "perl-script", PerlAuthenHandler = "Authen", PerlAuthzHandler = "Authz", require = "group payer_manager", require = "payer_group demo", }; Obviously this won't work because the second "require = " directive will clobber the first. So what's the workaround? I couldn't think of what the logical perl translation to having two require directives would be... -Adi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Tom Lancaster Red Hat, Inc. Web Engineer(415) 777-9810 x 228 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Files .. in virtualhosts in perl sections
Anyone have any experience doing Files sections inside of perlsections virtualhosts. I can't see anything in the docs about this. Just wanted to ask before I start experimenting, as I don't have the first clue about how this syntax might work. Thanks, -- Tom Lancaster Red Hat, Inc. Web Engineer(415) 777-9810 x 228
Re: mod_perl and DBI::Proxy
My experience of using DBI::Proxy several months ago is that it's terribly slow, and breaks all the time. It's not meant to be used in a production environment ( and that's according to the authors ). I managed to get it running, on linux and NT, but due to the lack of a working fork() or threads support in perl on NT, I could only use a single instance of the server at a time. If you can get it working *nix to *nix, your mileage may be better. Regards. Bill McCabe wrote: Hi All I'm thinking of restructuring my setup so that I have my apache/mod_perl servers access database servers remotely using DBI::Proxy, rather than locally. Does anyone have a sense of what kind of performance degradation I should expect? Will it come chiefly from network latency (leaving encryption out for the moment)? Also, I've never managed to install DBI::Proxy successfully on any system (AIX 4.2.1/4.3.2/4.3.3, Red Hat 6.0/1/2; perl 5.005/5.6.0; apache 1.3.12/mod_perl 1.24). The tests always fails for the RPC piece. Is the RPC module typically this problematic? TIA Bill
Re: mod_perl and DBI::Proxy
I know, seems promising, doesn't it, especially after the overview in the DBI book. On the other hand, you can do most things another way - SSH port forwarding for encrypted data transmission, straight DBI/DBD available for most dbs, etc. Bill McCabe wrote: That's a shame. I can see good use for it. Is it the RPC chunk that is slow and unreliable or the DBI part? Or has no one really pursued making a production-quality module out of it? Bill At 11:24 AM -0700 9/19/00, Tom Lancaster wrote: My experience of using DBI::Proxy several months ago is that it's terribly slow, and breaks all the time. It's not meant to be used in a production environment ( and that's according to the authors ). I managed to get it running, on linux and NT, but due to the lack of a working fork() or threads support in perl on NT, I could only use a single instance of the server at a time. If you can get it working *nix to *nix, your mileage may be better. Regards. Bill McCabe wrote: Hi All I'm thinking of restructuring my setup so that I have my apache/mod_perl servers access database servers remotely using DBI::Proxy, rather than locally. Does anyone have a sense of what kind of performance degradation I should expect? Will it come chiefly from network latency (leaving encryption out for the moment)? Also, I've never managed to install DBI::Proxy successfully on any system (AIX 4.2.1/4.3.2/4.3.3, Red Hat 6.0/1/2; perl 5.005/5.6.0; apache 1.3.12/mod_perl 1.24). The tests always fails for the RPC piece. Is the RPC module typically this problematic? TIA Bill
Re: Anyone get Apache::PerlVINC to work?
Doug MacEachern wrote: the suggestion was to upgrade Apache::ExtUtils (to cvs version, w/ bug fix), which generates PerlVINC.xs. Where can I find this?
Anyone get Apache::PerlVINC to work?
I get the behaviour described in the BUGS section of the docs: server silently fails to start. However, I'm using the latest version of Apache::ExtUtils, as recommended. Also using mod_perl 1.22, Apache 1.3.12, Apache::ASP 2.03. Has anyone got PerlVINC to work with this combo? Tom
Re: Anyone get Apache::PerlVINC to work?
That's the version I'm using, and it's in the docs for that module that the problem I'm having is described. It claims to be fixable by using the latest ExtUtils. I guess not :( I suppose I'd better update my mod_perl. Stas Bekman wrote: On Fri, 18 Aug 2000, Tom Lancaster wrote: I get the behaviour described in the BUGS section of the docs: server silently fails to start. However, I'm using the latest version of Apache::ExtUtils, as recommended. Also using mod_perl 1.22, Apache 1.3.12, Apache::ASP 2.03. Has anyone got PerlVINC to work with this combo? Use the latest version, it's not a part of the Apache::ExtUtils, but distributed in a separate package: Module id = Apache::PerlVINC CPAN_USERID DAVEM (Dave Moore [EMAIL PROTECTED]) CPAN_VERSION 0.02 CPAN_FILED/DA/DAVEM/Apache-PerlVINC-0.02.tar.gz MANPAGEApache::PerlVINC - Allows versioning of modules among directories or v-hosts. It's about a time to upgrade the mod_perl server as well :) _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com http://singlesheaven.com http://perlmonth.com perl.org apache.org
Re: Apache hanging when it reaches limit of process limit
Doug MacEachern wrote: On Tue, 6 Jun 2000, Tom Lancaster wrote: Here's the output of gdb: ( now what does this mean?) ... Breakpoint 1, 0x400ddd35 in exit () from /lib/libc.so.6 (gdb) bt #0 0x400ddd35 in exit () from /lib/libc.so.6 #1 0x80851e1 in ap_start_restart () #2 0x8085454 in ap_start_restart () #3 0x80862d7 in ap_child_terminate () #4 0x8086a4d in main () #5 0x400d5a42 in __libc_start_main () from /lib/libc.so.6 (gdb) the exit() makes sense, since you have maxrequestsperchild set to 1, but the stacktrace should look more like this: (gdb) where #0 exit (status=0) at exit.c:40 #1 0x80cf0eb in clean_child_exit (code=0) at http_main.c:493 #2 0x80d1e83 in child_main (child_num_arg=0) at http_main.c:3893 #3 0x80d23dc in make_child (s=0x821dbe4, slot=0, now=960572421) at http_main.c:4264 #4 0x80d2537 in startup_children (number_to_start=5) at http_main.c:4346 #5 0x80d2b54 in standalone_main (argc=6, argv=0xb624) at http_main.c:4634 #6 0x80d32d3 in main (argc=6, argv=0xb624) at http_main.c:4961 are you calling $r-child_terminate somewhere? that's not actually called anywhere in the apache source, it's just an api for modules. I suspect that's being called somewhere in Embperl. The hanging problem has gone away now, and it appears to have been due to a rogue piece of shared memory - after I got rid of it with ipcrm sem ..., the children terminate properly, and the process table doesn't fill up. Would that seem reasonable? Tom
Apache hanging when it reaches limit of process limit
Hi, I've got this strange behavior in a production site that until a recent upgrade never showed this kind of thing: I've set maxclients to 50, maxrequestsperchild 1. What happens is that the server runs fine, is fast, etc, but the number of apache processes climbs gradually until it reaches ~maxclients, then will no longer serve pages. I thought this was due to children not exiting, but some of them apparently do, as the number of processes rises and falls on its way to the top. What is Apache supposed to do when you set maxrequestsperchild to 1? I'd have thought each process would exit immediatley after serving something. I'm inclined to think there's something in my code that's hanging, but I read that the symptom of that is processes consuming large amounts of CPU - they're not, and memory usage is normal, too (~10M). Another symptom: sometimes when the processes are nearing the top, they'll start haging, but one by one; if I hit stop on a non-responsive request, then re-try, it serves fine. I'm using the debian package of modperl 1.21 statically linked with apache 1.3.9, and HTML::Embperl 1.2.1 ( I think). Any insight greatly appreciated. Tom
Re: Apache hanging when it reaches limit of process limit
Here's the output of gdb: ( now what does this mean?) Starting program: /usr/sbin/apache -X (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...Breakpoint 1 at 0x400ddd35 (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)... Breakpoint 1, 0x400ddd35 in exit () from /lib/libc.so.6 (gdb) bt #0 0x400ddd35 in exit () from /lib/libc.so.6 #1 0x80851e1 in ap_start_restart () #2 0x8085454 in ap_start_restart () #3 0x80862d7 in ap_child_terminate () #4 0x8086a4d in main () #5 0x400d5a42 in __libc_start_main () from /lib/libc.so.6 (gdb) Stas Bekman wrote: On Tue, 6 Jun 2000, Tom Lancaster wrote: Hi, I've got this strange behavior in a production site that until a recent upgrade never showed this kind of thing: I've set maxclients to 50, maxrequestsperchild 1. What happens is that the server runs fine, is fast, etc, but the number of apache processes climbs gradually until it reaches ~maxclients, then will no longer serve pages. I thought this was due to children not exiting, but some of them apparently do, as the number of processes rises and falls on its way to the top. What is Apache supposed to do when you set maxrequestsperchild to 1? I'd have thought each process would exit immediatley after serving something. I'm inclined to think there's something in my code that's hanging, but I read that the symptom of that is processes consuming large amounts of CPU - they're not, and memory usage is normal, too (~10M). Another symptom: sometimes when the processes are nearing the top, they'll start haging, but one by one; if I hit stop on a non-responsive request, then re-try, it serves fine. I'm using the debian package of modperl 1.21 statically linked with apache 1.3.9, and HTML::Embperl 1.2.1 ( I think). Any insight greatly appreciated. Tom try this: Date: Thu, 25 May 2000 12:13:20 -0700 (PDT) From: Doug MacEachern [EMAIL PROTECTED] To: Roberto Bourgonjen [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: Re: httpd exits with apache-1.3.12 and mod_perl-1.21 on Redhat 6.2 On Wed, 24 May 2000, Roberto Bourgonjen wrote: Hi all, I am encountering strange problems on redhat 6.2 installations with rpm's apache-1.3.12-2 and mod_perl-1.21-10 (the latest available versions from redhat. I _have_ to use rpm's). I've tried two machines. As soon as load certain modules the server exits immediately, without producing the slightest error message. try this: % gdb httpd (gdb) b exit (gdb) run -X whether it core dumps or exit() is called, post the output of: (gdb) bt _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
Re: Apache hanging when it reaches limit of process limit
OK, I followed the directions in SUPPORT, for gdb, and got this : (gdb) run -X -f /usr/local/apache/conf/httpd.conf.test Starting program: /usr/local/mod_perl-1.24/../apache_1.3.12/src/httpd -X -f /usr/local/apache/conf/httpd.conf.test Subroutine Apache::TIEHANDLE redefined at /usr/lib/perl5/5.005/i386-linux/mod_perl.pm line 65535. What's causing this? Stas Bekman wrote: On Tue, 6 Jun 2000, Tom Lancaster wrote: Here's the output of gdb: ( now what does this mean?) You should compile mod_perl with PERL_DEBUG=1, see the SUPPORT file. Starting program: /usr/sbin/apache -X (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...Breakpoint 1 at 0x400ddd35 (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)... Breakpoint 1, 0x400ddd35 in exit () from /lib/libc.so.6 (gdb) bt #0 0x400ddd35 in exit () from /lib/libc.so.6 #1 0x80851e1 in ap_start_restart () #2 0x8085454 in ap_start_restart () #3 0x80862d7 in ap_child_terminate () #4 0x8086a4d in main () #5 0x400d5a42 in __libc_start_main () from /lib/libc.so.6 (gdb) Stas Bekman wrote: On Tue, 6 Jun 2000, Tom Lancaster wrote: Hi, I've got this strange behavior in a production site that until a recent upgrade never showed this kind of thing: I've set maxclients to 50, maxrequestsperchild 1. What happens is that the server runs fine, is fast, etc, but the number of apache processes climbs gradually until it reaches ~maxclients, then will no longer serve pages. I thought this was due to children not exiting, but some of them apparently do, as the number of processes rises and falls on its way to the top. What is Apache supposed to do when you set maxrequestsperchild to 1? I'd have thought each process would exit immediatley after serving something. I'm inclined to think there's something in my code that's hanging, but I read that the symptom of that is processes consuming large amounts of CPU - they're not, and memory usage is normal, too (~10M). Another symptom: sometimes when the processes are nearing the top, they'll start haging, but one by one; if I hit stop on a non-responsive request, then re-try, it serves fine. I'm using the debian package of modperl 1.21 statically linked with apache 1.3.9, and HTML::Embperl 1.2.1 ( I think). Any insight greatly appreciated. Tom try this: Date: Thu, 25 May 2000 12:13:20 -0700 (PDT) From: Doug MacEachern [EMAIL PROTECTED] To: Roberto Bourgonjen [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: Re: httpd exits with apache-1.3.12 and mod_perl-1.21 on Redhat 6.2 On Wed, 24 May 2000, Roberto Bourgonjen wrote: Hi all, I am encountering strange problems on redhat 6.2 installations with rpm's apache-1.3.12-2 and mod_perl-1.21-10 (the latest available versions from redhat. I _have_ to use rpm's). I've tried two machines. As soon as load certain modules the server exits immediately, without producing the slightest error message. try this: % gdb httpd (gdb) b exit (gdb) run -X whether it core dumps or exit() is called, post the output of: (gdb) bt _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
Apache::TIEHANDLE?
Hi, I get this error on startup: Subroutine Apache::TIEHANDLE redefined at /usr/lib/perl5/5.005/i386-linux/mod_perl.pm line 65535. What does this mean? Thanks, Tom
[Embperl] - non-alpha characters disappearing in %fdat
Can anyone tell me why the '*' is not coming through in the fdat stuff? Even better, does anyone know how to allow it? I assume this is some kind of HTML-escaping for our safety. I amusing 1.3b2 with the following options: $optRawInput = 0; $optDisableTableScan = 2048; $escmode = 0; Thanks, Tom
Re: 100% sessions?
Yes, we use our own url-rewriting implementation of Apache::Session::DBI - we just use method calls instead of hrefs ($ui-a_href('page.html','querystring','other stuff') ) which whop a key=Apache::Sessionkey into the query string. In addition, to time out sessions we added a timestamp field to the sessions database, and run a cron job or daemon to wipe out all the ones over a certain age. Jay Jacobs wrote: I've been perusing the archives on the topic of cookie vs. url vs. user session tracking, and I can't find a solution that is 100% effective. Here's the scenario... using Apache::Session::DBI on a public site, where registered users can log in to get detailed information and "place orders" online. Non-registered users will get basic information and ideally should be able to "place orders" that will have no real effect on the site (i.e. shopping cart with no purchasing) Here's some major concerns I groked from the archives: cookies: disabled from proxies, or disabled for "security" user-based: wouldn't solve non-registered user issue, nor site-wide url: requires site-wide url-rewriting, insecure from HTTP_REFERER standpoint My thought is to try to verify it from ip but that breaks when proxies come from more than one ip (AOL), or when nat is in place covering multiple client systems. Also adding a lame security attempt, and put a timed expiration on the server-side session after an hour or so. I'm thinking of just relying on cookies, while not 100%, it's gotta be close to 80 or 90% which may be good for this project. But I figured others had faced this same issue and had an ample solution... Jay Jacobs LachNet Inc.