You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Peter Galbavy <pe...@knowtion.net> on 2004/02/20 11:19:02 UTC
Experience of Apache::Session vs CGI::Session ?
Please note I googled, and found only very off track threads a while back
I am redesigning an application that currently uses Apache::ASP and for a
variety of reasons I believe my best approach is to go "native" and build
mod_perl handlers to generate the pages instead of using a scripted
approach.
That said, I have got quite used to the Apache::ASP session management, and
I have been reading the docs for both Apache::Session (and some of it's
wrappers) and CGI::Session. I am not looking for any religious bias either
way, but as someone who have never used either, does anyone have any
comments regarding what to base a choice on ?
My general constraints are:
1) Cookieless session options; I would like to support cookieless sessions,
using URL args and/or pathinfo to carry the session IDs. Looking at both the
systems, this is a manual process (unlike Apache::ASP options). Am I
mistaken ? Is there an underlying transparent mechanism in either session
manager (or a wrapper) ?
2) The data required per session will be the typical user authentication /
preferences stuff. Perhaps some additional menu-choices etc. Not much by
volume, and not a whole lot of commerce stuff.
3) I will be using a PostgreSQL based DB for the content management, and if
(as I hope) the capacity increases require additional backends, then having
session data in a/the DB will be useful. Both the session modules support
PostgreSQL, but does anyone have any experience of performance by these
modules in this environment ?
I appreciate any comments, and given I found little on searching, I hope
that any replies would be useful to have in the list archives.
rgds,
--
Peter
Re: Experience of Apache::Session vs CGI::Session ?
Posted by Jean-Michel Hiver <jh...@mkdoc.com>.
>In this case, if it matters, we need sessions for user settings, logging,
>preferences, authentication etc.
>
>
Well, if you used HTTP authentication, you'd have a nice
$ENV{REMOTE_USER} once the user is authenticated.
You can use it for your user settings, preferences, and apache does the
authentication for you.
But of course it's no good for logging non authenticated users if you're
unhappy with 'standard' apache logs. Which is why I was asking the
question. Apart from super precise logging, you might not actually
_need_ sessions at all.
>To perhaps clarify, I was not asking for advice as to whether or not to use
>some sort of session management, but rather for people comments and
>experience between these two (very similar looking) modules. There must be
>differences, else why would people go to the effort of maintaining them ?
>:-)
>
>
Hubris my friend, hubris... More seriously, I don't use sessions that
much. But that's because it's often possible to avoid them... using a
RESTful model for your web app often helps. But then I don't know if it
could be suitable for the kind of app you're writing and you don't seem
much interested in this alternative so I'll stop here :-)
Best Regards,
Jean-Michel.
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: [OT] Experience of Apache::Session vs CGI::Session ?
Posted by Joel <pe...@joelrichard.com>.
Peter,
(I've marked this post as off topic, since it doesn't deal with mod_perl
per se.)
Having used Apache::Session to some degree, it seems that CGI::Session is
comparable in functionality. There does not seem to be any major
differences between the two.
It is worth noting that the latest version of Apache::Session on CPAN is
v1.54, dated 11 Oct 2001. CGI::Session is v3.95, dated 26 Jun 2003. The
latter also has a higher rating (4 stars, versus 3).
(It would be wise to view the ratings of both of these as the person to
rated Apache::Session had some interesting comments.)
So perhaps it might be wise to investigate CGI::Session since it's more
recent and is more likely to be under active development. Then again,
maybe Apache::Session is perfect the way it is, although I doubt that. :)
Good luck!
--Joel
>Jean-Michel Hiver wrote:
>> What do you need sessions for?
>
>What are babies for ? :-)
>
>In this case, if it matters, we need sessions for user settings,
>logging, preferences, authentication etc.
>
>> Authentication can be done using HTTP authentication without using
>> cookies or URI session tracking (which is, frankly, very ugly).
>
>To perhaps clarify, I was not asking for advice as to whether or not to
>use some sort of session management, but rather for people comments and
>experience between these two (very similar looking) modules. There must
>be differences, else why would people go to the effort of maintaining
>them ?
>:-)
>
>rgds,
>--
>Peter
>
>
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Experience of Apache::Session vs CGI::Session ?
Posted by Peter Galbavy <pe...@knowtion.net>.
Jean-Michel Hiver wrote:
> What do you need sessions for?
What are babies for ? :-)
In this case, if it matters, we need sessions for user settings, logging,
preferences, authentication etc.
> Authentication can be done using HTTP authentication without using
> cookies or URI session tracking (which is, frankly, very ugly).
To perhaps clarify, I was not asking for advice as to whether or not to use
some sort of session management, but rather for people comments and
experience between these two (very similar looking) modules. There must be
differences, else why would people go to the effort of maintaining them ?
:-)
rgds,
--
Peter
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Experience of Apache::Session vs CGI::Session ?
Posted by Jean-Michel Hiver <jh...@mkdoc.com>.
> My general constraints are:
>
> 1) Cookieless session options; I would like to support cookieless sessions,
> using URL args and/or pathinfo to carry the session IDs. Looking at both the
> systems, this is a manual process (unlike Apache::ASP options). Am I
> mistaken ? Is there an underlying transparent mechanism in either session
> manager (or a wrapper) ?
What do you need sessions for?
> 2) The data required per session will be the typical user authentication /
> preferences stuff. Perhaps some additional menu-choices etc. Not much by
> volume, and not a whole lot of commerce stuff.
Authentication can be done using HTTP authentication without using
cookies or URI session tracking (which is, frankly, very ugly).
Cheers,
--
Building a better web - http://www.mkdoc.com/
---------------------------------------------
Jean-Michel Hiver
jhiver@mkdoc.com - +44 (0)114 255 8097
Homepage: http://www.webmatrix.net/
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Experience of Apache::Session vs CGI::Session ?
Posted by Peter Galbavy <pe...@knowtion.net>.
Apologies by the stange attachement in my previous post... I cut'n'pasted
from a previous sent-mail that went from the wrong subscriber address...
Peter
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Experience of Apache::Session vs CGI::Session ?
Posted by Perrin Harkins <pe...@elem.com>.
On Fri, 2004-02-20 at 05:19, Peter Galbavy wrote:
> 1) Cookieless session options; I would like to support cookieless sessions,
> using URL args and/or pathinfo to carry the session IDs. Looking at both the
> systems, this is a manual process (unlike Apache::ASP options). Am I
> mistaken ? Is there an underlying transparent mechanism in either session
> manager (or a wrapper) ?
Neither of the modules you are looking at is a complete system the way
Apache::ASP is. Apache::Session is just a storage mechanism for a
shared hash. I think CGI::Session goes a little further by providing
some basic cookie stuff.
What you probably want to look at it is a higher-level module which
handles more for you. Try one of these:
Apache::AuthCookieURL
Apache::SessionManager
> 2) The data required per session will be the typical user authentication /
> preferences stuff. Perhaps some additional menu-choices etc. Not much by
> volume, and not a whole lot of commerce stuff.
My basic advice is to put as little in a session as you possibly can.
> 3) I will be using a PostgreSQL based DB for the content management, and if
> (as I hope) the capacity increases require additional backends, then having
> session data in a/the DB will be useful. Both the session modules support
> PostgreSQL, but does anyone have any experience of performance by these
> modules in this environment ?
Apache::Session performed well with Oracle. Performance with Postgres
is mostly a function of how well Postgres performs.
Incidentally, Apache::ASP uses MLDBM::Sync instead of Apache::Session.
You could do that too if you want to, and build the URL-munging part
yourself.
- Perrin
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html