You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Tatsuhiko Miyagawa <mi...@edge.co.jp> on 2001/10/10 18:30:29 UTC

ANN/RFC: Apache::Session::Generate variants

Here is Apache::Session::Generate::* variants, which especially
uses Apache standard C-modules.

Apache::Session::Generate::ModUniqueId
  http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.tar.gz
  http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.html

  uses mod_unique_id for session id.

Apache::Session::Generate::ModUsertrack
  http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.tar.gz
  http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.html

  uses mod_usertrack's cookie for session id.


Suggestions & patches are welcome.

Thanks.

--
Tatsuhiko Miyagawa <mi...@bulknews.net>

Re: ANN/RFC: Apache::Session::Generate variants

Posted by "Jeffrey W. Baker" <jw...@acm.org>.

On Fri, 12 Oct 2001, Gerald Richter wrote:

> >
> > If you have other things on your mind, that's fine.  That's why I
> > suggested you should consider letting someone else maintain it.  I know
> > I'm not the only person frustrated by the current state of affairs.
> >
>
> My solution to this problem is, that I have created a package named
> Apache::SessionX which subclasses Apache::Session and contains all the
> eXtentsion I need (most of them for Embperl, but they are also usefull
> outside of Embperl). This also contains a replacement for
> Apache::Session::Flex which can be configured via Makefile.PL and make test
> is testing if this really works on the system.

See, Gerald is a smart fellow, and I like that he never threatened to take
over my modules.

-jwb

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Gerald Richter <ri...@ecos.de>.

>
> If you have other things on your mind, that's fine.  That's why I
> suggested you should consider letting someone else maintain it.  I know
> I'm not the only person frustrated by the current state of affairs.
>

My solution to this problem is, that I have created a package named
Apache::SessionX which subclasses Apache::Session and contains all the
eXtentsion I need (most of them for Embperl, but they are also usefull
outside of Embperl). This also contains a replacement for
Apache::Session::Flex which can be configured via Makefile.PL and make test
is testing if this really works on the system.

The main point why I wrote this is, that Jeff doesn't like to have some of
the functionality in the Apache::Session base class and I can bugfix and
maintain it myself, without waiting for the next release of Apache::Session
(there are also some ways to subsubclass Apache::Session::x:y packages build
in)

It is currently available from ftp://ftp.dev.ecos.de/pub/perl/session/ and
will be soon released to CPAN

Gerald


-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------

Re: ANN/RFC: Apache::Session::Generate variants

Posted by "Jeffrey W. Baker" <jw...@acm.org>.

On Thu, 11 Oct 2001, Dave Rolsky wrote:

> On Thu, 11 Oct 2001, Jeffrey W. Baker wrote:
>
> > Well, you guys are touchy lot!  My releases are no less frequent than
> > releases of DBI or even mod_perl.  So just chill out, I sometimes have
> > other things on my mind.
>
> I don't know about touchy so much as frustrated.  Apache::Session is very
> widely used but it doesn't feel well supported.
>
> Comparing it to DBI or mod_perl seems a bit silly.  It is not as widely
> used as either and is far less complex.
>
> My big concern is that there is a fatal error in Apache::Session::Flex
> that makes it completely unusable.  You've known about this for at least
> 9-12 months but you haven't bothered to release a simple bugfix release
> for it.  Its a 3-4 line change!

Then package it up, send me the tarball, and I'll upload it to CPAN.
Repeatedly sending me patches isn't any more likely to get me to pay
attention to it.

Regarding Flex, nobody uses it.  It is for debugging.  If you have a
particular variant of Flex that you use all the time (very likely), you
can code up a 6-line module to make a real implementation like all the
other session modules.

Flex is for debugging, period.

Version 1.54 is uploaded to CPAN so go nuts.

-jwb

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Dave Rolsky <au...@urth.org>.

On Thu, 11 Oct 2001, Jeffrey W. Baker wrote:

> Well, you guys are touchy lot!  My releases are no less frequent than
> releases of DBI or even mod_perl.  So just chill out, I sometimes have
> other things on my mind.

I don't know about touchy so much as frustrated.  Apache::Session is very
widely used but it doesn't feel well supported.

Comparing it to DBI or mod_perl seems a bit silly.  It is not as widely
used as either and is far less complex.

My big concern is that there is a fatal error in Apache::Session::Flex
that makes it completely unusable.  You've known about this for at least
9-12 months but you haven't bothered to release a simple bugfix release
for it.  Its a 3-4 line change!

The only way around it is to constantly patch my local copies or use a
hack work-around code which subclasses Flex to fix the populate method.
This is stupid.

I don't really want to reinvent the wheel or tell people not to use
Apache::Session, but its getter harder to avoid either.

If you have other things on your mind, that's fine.  That's why I
suggested you should consider letting someone else maintain it.  I know
I'm not the only person frustrated by the current state of affairs.

-dave

/*==================
www.urth.org
We await the New Sun
==================*/

Re: ANN/RFC: Apache::Session::Generate variants

Posted by "Jeffrey W. Baker" <jw...@acm.org>.


On Thu, 11 Oct 2001, Tatsuhiko Miyagawa wrote:

> On Thu, 11 Oct 2001 01:06:33 -0500 (CDT)
> Dave Rolsky <au...@urth.org> wrote:
>
> > Jeff, if you're still maintaining this package it'd be nice to put out a
> > new release.  If not, it'd be good to give it to someone else.  Hell, I'll
> > volunteer if no one more interested comes along.  I don't have any big
> > plans for it but I can at least integrate patches and such.
> >
> > Apache::Session is in use in a lot of places and it would be good to have
> > an active maintainer.
>
> ++1. And I don't mind taking over, if nobody else wants to.

Well, you guys are touchy lot!  My releases are no less frequent than
releases of DBI or even mod_perl.  So just chill out, I sometimes have
other things on my mind.

-jwb

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Tatsuhiko Miyagawa <mi...@edge.co.jp>.

On Thu, 11 Oct 2001 01:06:33 -0500 (CDT)
Dave Rolsky <au...@urth.org> wrote:

> Jeff, if you're still maintaining this package it'd be nice to put out a
> new release.  If not, it'd be good to give it to someone else.  Hell, I'll
> volunteer if no one more interested comes along.  I don't have any big
> plans for it but I can at least integrate patches and such.
> 
> Apache::Session is in use in a lot of places and it would be good to have
> an active maintainer.

++1. And I don't mind taking over, if nobody else wants to.

--
Tatsuhiko Miyagawa <mi...@bulknews.net>

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Dave Rolsky <au...@urth.org>.

On Thu, 11 Oct 2001, Tatsuhiko Miyagawa wrote:

> Wow, I did almost half a year ago :-)
> http://aspn.activestate.com/ASPN/Mail/Message/modperl/532294

Yeah, and I think I sent one a year ago, at least.

Jeff, if you're still maintaining this package it'd be nice to put out a
new release.  If not, it'd be good to give it to someone else.  Hell, I'll
volunteer if no one more interested comes along.  I don't have any big
plans for it but I can at least integrate patches and such.

Apache::Session is in use in a lot of places and it would be good to have
an active maintainer.

-dave

/*==================
www.urth.org
We await the New Sun
==================*/

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Tatsuhiko Miyagawa <mi...@edge.co.jp>.

On Wed, 10 Oct 2001 17:22:23 -0700 (PDT)
Ask Bjoern Hansen <as...@valueclick.com> wrote:

> > Note that if you try to use these modules functionality,
> > Apache::Session::Flex should be patched with one included in both
> > tarballs.
> 
> I sent a patch to Jeffrey last week or such that (I imagine) covers
> the same thing.

Wow, I did almost half a year ago :-)
http://aspn.activestate.com/ASPN/Mail/Message/modperl/532294

--
Tatsuhiko Miyagawa <mi...@bulknews.net>

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Ask Bjoern Hansen <as...@valueclick.com>.

On Thu, 11 Oct 2001, Tatsuhiko Miyagawa wrote:

> Note that if you try to use these modules functionality,
> Apache::Session::Flex should be patched with one included in both
> tarballs.

I sent a patch to Jeffrey last week or such that (I imagine) covers
the same thing.

-- 
ask bjoern hansen, http://ask.netcetera.dk/         !try; do();
more than a billion impressions per week, http://valueclick.com

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Tatsuhiko Miyagawa <mi...@edge.co.jp>.

These are now on CPAN, which I've forgotten to mention.


Note that if you try to use these modules functionality,
Apache::Session::Flex should be patched with one included in both
tarballs. 


Thanks.

On Thu, 11 Oct 2001 01:30:29 +0900
Tatsuhiko Miyagawa <mi...@edge.co.jp> wrote:

> Here is Apache::Session::Generate::* variants, which especially
> uses Apache standard C-modules.
> 
> Apache::Session::Generate::ModUniqueId
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.tar.gz
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.html
> 
>   uses mod_unique_id for session id.
> 
> Apache::Session::Generate::ModUsertrack
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.tar.gz
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.html
> 
>   uses mod_usertrack's cookie for session id.
> 


--
Tatsuhiko Miyagawa <mi...@bulknews.net>

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Perrin Harkins <pe...@elem.com>.

> Here is Apache::Session::Generate::* variants, which especially
> uses Apache standard C-modules.
>
> Apache::Session::Generate::ModUniqueId
>
http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.ta
r.gz
>
http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.ht
ml
>
>   uses mod_unique_id for session id.
>
> Apache::Session::Generate::ModUsertrack
>
http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.t
ar.gz
>
http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.h
tml
>
>   uses mod_usertrack's cookie for session id.

This is great!  Good work.  One less piece to write when getting a new
project started...
- Perrin

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Tatsuhiko Miyagawa <mi...@edge.co.jp>.

On Wed, 10 Oct 2001 17:23:04 -0700 (PDT)
Ask Bjoern Hansen <as...@valueclick.com> wrote:

> > Apache::Session::Generate::ModUsertrack
> >   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.tar.gz
> >   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.html
> >
> >   uses mod_usertrack's cookie for session id.
> 
> Don't do that!  mod_usertrack is not meant to be used for secure
> session ids.

I know, I know! just an example of using *already tracked* cookie
for newly generated sessions. My another plan is to release
my session id tracking modules, which Apache::Session doesn't do.


--
Tatsuhiko Miyagawa <mi...@bulknews.net>

Re: ANN/RFC: Apache::Session::Generate variants

Posted by Ask Bjoern Hansen <as...@valueclick.com>.

On Thu, 11 Oct 2001, Tatsuhiko Miyagawa wrote:

> Here is Apache::Session::Generate::* variants, which especially
> uses Apache standard C-modules.
>
> Apache::Session::Generate::ModUniqueId
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.tar.gz
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUniqueId-0.01.html
>
>   uses mod_unique_id for session id.

Cool.

> Apache::Session::Generate::ModUsertrack
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.tar.gz
>   http://bulknews.net/lib/archives/Apache-Session-Generate-ModUsertrack-0.01.html
>
>   uses mod_usertrack's cookie for session id.

Don't do that!  mod_usertrack is not meant to be used for secure
session ids.


 - ask

-- 
ask bjoern hansen, http://ask.netcetera.dk/         !try; do();
more than a billion impressions per week, http://valueclick.com