[VPM] Web sessions
Darren Duncan
darren at DarrenDuncan.net
Thu Dec 13 18:30:55 PST 2007
At 5:50 PM -0800 12/13/07, Peter Scott wrote:
>What (modules) do people like these days for session creation in a
>non-mod-perl environment? I'm still partial to Apache::Session myself,
>but it's been a while since I evaluated competitors.
>
>/me waits for Mock to reveal how insecure Apache::Session is...
Back in 2003, I rolled my own application-specific one, and might
again, but not now.
Currently in my job for Travellers' Inn, I use CGI::Session in its
default configuration, which I think uses files in the system temp
dir to store session data (not a database or anything), and I use a
cookie to persist the session name+id.
It seems to work well enough and is fairly simple. Though I created
an application-specific wrapper around it, that also wraps http
request/response, in the form of a utility library, which is what I
actually use in the applications proper.
I have never tried any other generic session handling modules.
I seem to recall from bringing it up at the Nov meeting that Mock
thought CGI::Session was fine security wise.
-- Darren Duncan
More information about the Victoria-pm
mailing list