perl-asp mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Riehm" <>
Subject Two suggestions
Date Thu, 10 Apr 2003 10:09:16 GMT

thanks for your replies on my question "whom to send suggestions to". I will now do as adviced
send them to the list. I have to admit that my changes have been done on a version 2.37 of
Apache ASP
because that the one which is in my actual distibution. But a far as I could see in the downloaded
version I think they should work there fine too.

First one: Introduction of a config parameter CookieDomain
CookieDomain lets you specify the domain the session cookie will be sent to.
I have - actually on the same machine - different web servers running and I would like to
span a session
across them. The servers are eg. and In the actual implementation

the cookie will be just send exactly to the server the session was created. But it would /
could be helpful 
to define that the cookie should be sent to which means it goes to every server.
Anyhow - latest when you extend Apache ASP to store the session information in a database
so that
you can scale with several web servers you will need something like this.
In the config file:
	PerlSetVar CookieDomain
Changes in the code (
In sub InitState
        ## SESSION INITS
        $self->{cookie_path}       = $r->dir_config('CookiePath') || '/';
        $self->{paranoid_session}  = $r->dir_config('ParanoidSession') || 0;
        $self->{remote_ip}         = $r->connection()->remote_ip();
        $self->{session_count}     = $r->dir_config('SessionCount');
add one line
        $self->{cookie_domain}     = $r->dir_config('CookieDomain') ? 'domain=' . $r->dir_config('CookieDomain').';'
: '';

and in sub SessionId
change the line
	$self->{r}->header_out('Set-Cookie', "$SessionCookieName=$id; path=$self->{cookie_path}".$secure);
	$self->{r}->header_out('Set-Cookie', "$SessionCookieName=$id; $self->{cookie_domain}

Second one: avoid unecessary sending of cookies
Well I have to admit that I don't know the reason for that particular behavior of Apache ASP.
Maybe there is
a reason why it is done that way.
But first let me describe my problem: If a user declines to accept a cookie the session id
is parsed into
the source which is very fine. But on every consecutive page a cookie is tried to be sent
again. I can tell
you from my experience running different web sites here in Europe - espacially in Germany
- that a lot of
users don't like and trust cookies. So if someone has "accept cookies" generally set off in
the browser 
you don't see anything, but some (probably a lot more than in the US) have this "alert me
if a cookie is set" 
function activated in the browser. And that means if they decline to get the cookie set they
will get a new cookie
message every time the click somewhere in the application. And that is really annoying...
Therefore my suggestion would be just to send the cookie ones and if it could be set anything
is fine - actually
Apache ASP doesn't send any more cookies - if it could not be set the first time then don't
try to set it later
on again and again... Why should the user suddenly change his mind.
As far I could see this can be easily done bu commenting out three lines in the 
sub SessionId
#       if ($session_from_url && defined $id) {
#           $self->SessionId($id);
#       }

Well, for me those lines seem to be inserted later on for I don't know what reason. So if
it is necessary for
some applications you could also make this behavior configurable via a Config setting and
a if clause around this
code lines.

OK - those have been my first two suggestions. Feel free to comment them!




Uwe Riehm

Vilbeler Landstr. 203
D-60388 Frankfurt

Tel.:     +49 (0)6109 / 3758-18
Fax:     +49 (0)6109 / 3758-11

TBOOKER - Travel Booking Cheap'n Easy

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message