You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Brian Parker <bp...@windchill.com> on 2002/05/31 16:40:44 UTC
'Apache::Session' using REMOTE_USER as key
Hi,
I would like to implement sessions using only $ENV{REMOTE_USER} as the
session key as described on page 259 (Ch. 5) of the Eagle book.
I'm trying to use Apache::Session::MySQL. Since I'm generating my own
session key outside of Apache::Session (using $ENV{REMOTE_USER}), what
method(s) do I have to override to prevent Apache::Session from trying
to create a session key for me? Since I'm not using Apache::Session's
key generation capability, is there another implementation that would be
more appropriate for my application?
(Sorry, if this is OT.)
TIA,
Brian
Re: 'Apache::Session' using REMOTE_USER as key
Posted by Perrin Harkins <pe...@elem.com>.
Brian Parker wrote:
> my $rm = $ENV{REMOTE_USER}
> eval{
> # see if the user has a session created
> tie %session, 'WC::ApacheSession::MySQL', $rm, {
> Handle => $dbh,
> LockHandle => $dbh
> };
> 1;
> } or do {
> # create the session using $ENV{REMOTE_USER} as key
> tie %session, 'WC::ApacheSession::MySQL', undef, {
> Handle => $dbh,
> LockHandle => $dbh
> };
> };
Be careful, many other things could go wrong in that first eval (no
database running, incorrect password, etc.). You'd be better off
checking $@ and only doing the next part if you see that it's an error
about the session not existing yet.
You could also just hack it a little to avoid this issue, probably by
changing Apache::Session::Store code.
- Perrin
Re: 'Apache::Session' using REMOTE_USER as key
Posted by Brian Parker <bp...@windchill.com>.
Perrin Harkins wrote:
> Brian Parker wrote:
> > I'm trying to use Apache::Session::MySQL. Since I'm generating my own
> > session key outside of Apache::Session (using $ENV{REMOTE_USER}), what
> > method(s) do I have to override to prevent Apache::Session from trying
> > to create a session key for me? Since I'm not using Apache::Session's
> > key generation capability, is there another implementation that would be
> > more appropriate for my application?
>
> Just write a replacement for Apache::Session::Generate::MD5.
Thanks Perrin. That at least got me looking in the right place.
I had to replace 'Apache::Session::Generate::MD5' as you suggested and then
create my own subclass of 'Apache::Session' (specifies which 'validate' and
'generate' subroutines to call). Because 'Apache::Session' does not provide a
way to create a session with a certain id, I ended up having to do doing
something like this:
my $rm = $ENV{REMOTE_USER}
eval{
# see if the user has a session created
tie %session, 'WC::ApacheSession::MySQL', $rm, {
Handle => $dbh,
LockHandle => $dbh
};
1;
} or do {
# create the session using $ENV{REMOTE_USER} as key
tie %session, 'WC::ApacheSession::MySQL', undef, {
Handle => $dbh,
LockHandle => $dbh
};
};
... to handle the case of the the first time a user. This will work until I
invent a cleaner solution.
regards,
Brian
> You can
> look at Apache::Session::Generate::ModUsertrack, which is probably very
> close to what you want to do.
>
> - Perrin
Re: 'Apache::Session' using REMOTE_USER as key
Posted by Perrin Harkins <pe...@elem.com>.
Brian Parker wrote:
> I'm trying to use Apache::Session::MySQL. Since I'm generating my own
> session key outside of Apache::Session (using $ENV{REMOTE_USER}), what
> method(s) do I have to override to prevent Apache::Session from trying
> to create a session key for me? Since I'm not using Apache::Session's
> key generation capability, is there another implementation that would be
> more appropriate for my application?
Just write a replacement for Apache::Session::Generate::MD5. You can
look at Apache::Session::Generate::ModUsertrack, which is probably very
close to what you want to do.
- Perrin