Re: session module

2010-10-30 Thread Perrin Harkins 
On Fri, Oct 29, 2010 at 4:23 PM, Lon Koenig  wrote:
> Are these susceptible to the cleartext cookie silliness exposed by FireSheep?

Well, Apache::Session doesn't handle cookies at all, so it's entirely
up to you how you want to deal with it, and CGI::Session doesn't
dictate whether or not your site uses SSL, so that is also up to you.

There is no way to prevent people from potentially seeing cookies (or
anything else) passed over a non-SSL network.  Sites that are
seriously concerned about this should use SSL.  Even sites that don't
use SSL should use cookies with some form of MAC and a reasonable
session timeout.

- Perrin

Re: session module

2010-10-29 Thread Lon Koenig 
Haven't used any of the popular session modules in awhile.
Are these susceptible to the cleartext cookie silliness exposed by
FireSheep?

"Great Artists Ship"
Lon Koenig l...@schnoggo.com  http://lonk.me 



On Fri, Oct 29, 2010 at 7:47 AM, Jeff Pang  wrote:

> 于 2010-10-29 20:42, Fayland Lam 写道:
>
>  try Dancer. which is very suitable for small application. just one file.
>>
>>
> Ok I will check out it.
> I first time knew Dancer from ruby 2 years ago.
> Never know that there is a perl execution of that.
>
>

Re: session module

2010-10-29 Thread Phil Carmody 
--- On Fri, 10/29/10, Fayland Lam  wrote:
> try Dancer. which is very suitable
> for small application. just one file.

One file containing:
"""
use Dancer::Config;
use Dancer::FileUtils;
use Dancer::GetOpt;
use Dancer::Error;
use Dancer::Helpers;
use Dancer::Logger;
use Dancer::Plugin;
use Dancer::Renderer;
use Dancer::Response;
use Dancer::Route;
use Dancer::Serializer::JSON;
use Dancer::Serializer::YAML;
use Dancer::Serializer::XML;
use Dancer::Serializer::Dumper;
use Dancer::Session;
use Dancer::SharedData;
use Dancer::Handler;
use Dancer::ModuleLoader;
"""
which isn't "one file" by my reckoning. Nevertheless, it looks very 
interesting. I will try a toy applet with it this weekend. Thanks for 
mentioning it.

Phil

> On Fri, Oct 29, 2010 at 8:37 PM, Jeff Pang 
> wrote:
> > 于 2010-10-29 20:28, Fayland Lam 写道:
> >>
> >> try a framework. that's much more popular. :)
> >>
> >
> > I wrote a small application with few scripts.
> > A framework like catalyst is too large to use for me.

Re: session module

2010-10-29 Thread Jeff Pang 

于 2010-10-29 20:42, Fayland Lam 写道:

try Dancer. which is very suitable for small application. just one file.



Ok I will check out it.
I first time knew Dancer from ruby 2 years ago.
Never know that there is a perl execution of that.

Re: session module

2010-10-29 Thread Perrin Harkins 
On Fri, Oct 29, 2010 at 8:39 AM, Jeff Pang  wrote:
> I know CGI::Session well.
> But have been thinking does Apache::Session get better performance under
> modperl?

I haven't measured it, but I doubt there's any significant performance
difference.  Don't be fooled by the "CGI" in CGI::Session.

- Perrin

Re: session module

2010-10-29 Thread Fayland Lam 
try Dancer. which is very suitable for small application. just one file.

Thanks

On Fri, Oct 29, 2010 at 8:37 PM, Jeff Pang  wrote:
> 于 2010-10-29 20:28, Fayland Lam 写道:
>>
>> try a framework. that's much more popular. :)
>>
>
> I wrote a small application with few scripts.
> A framework like catalyst is too large to use for me.
> Thanks.
>
> Jeff.
>
>



-- 
Fayland Lam // http://www.fayland.org/

Re: session module

2010-10-29 Thread Jeff Pang 

于 2010-10-29 20:20, Perrin Harkins 写道:

Both work.  CGI::Session was better maintained for a while but it
looks like Apache::Session has been updated recently.  Pick the one
that you find easiest to understand from the documentation.



I know CGI::Session well.
But have been thinking does Apache::Session get better performance under 
modperl?


Thanks.

Jeff.

Re: session module

2010-10-29 Thread Jeff Pang 

于 2010-10-29 20:28, Fayland Lam 写道:

try a framework. that's much more popular. :)



I wrote a small application with few scripts.
A framework like catalyst is too large to use for me.
Thanks.

Jeff.

Re: session module

2010-10-29 Thread Fayland Lam 
try a framework. that's much more popular. :)

On Fri, Oct 29, 2010 at 8:20 PM, Perrin Harkins  wrote:
> Both work.  CGI::Session was better maintained for a while but it
> looks like Apache::Session has been updated recently.  Pick the one
> that you find easiest to understand from the documentation.
>
> - Perrin
>
> 2010/10/29 Jeff Pang :
>> is Apache::Session or CGI::Session better for mod_perl?
>>
>> Thanks.
>>
>



-- 
Fayland Lam // http://www.fayland.org/

Re: session module

2010-10-29 Thread Perrin Harkins 
Both work.  CGI::Session was better maintained for a while but it
looks like Apache::Session has been updated recently.  Pick the one
that you find easiest to understand from the documentation.

- Perrin

2010/10/29 Jeff Pang :
> is Apache::Session or CGI::Session better for mod_perl?
>
> Thanks.
>