[VPM] Web sessions

Darren Duncan darren at DarrenDuncan.net
Thu Dec 13 18:30:55 PST 2007


At 5:50 PM -0800 12/13/07, Peter Scott wrote:
>What (modules) do people like these days for session creation in a
>non-mod-perl environment?  I'm still partial to Apache::Session myself,
>but it's been a while since I evaluated competitors.
>
>/me waits for Mock to reveal how insecure Apache::Session is...

Back in 2003, I rolled my own application-specific one, and might 
again, but not now.

Currently in my job for Travellers' Inn, I use CGI::Session in its 
default configuration, which I think uses files in the system temp 
dir to store session data (not a database or anything), and I use a 
cookie to persist the session name+id.

It seems to work well enough and is fairly simple.  Though I created 
an application-specific wrapper around it, that also wraps http 
request/response, in the form of a utility library, which is what I 
actually use in the applications proper.

I have never tried any other generic session handling modules.

I seem to recall from bringing it up at the Nov meeting that Mock 
thought CGI::Session was fine security wise.

-- Darren Duncan


More information about the Victoria-pm mailing list