
4 out of 4 found this review helpful:

Apache-Session (1.6) ***

This module sounded great at first, but I have come to realize it's not what I wanted. I was using Apache::Session::MySQL to create a sessionId for every visitor of my website. I have several multi-page forms on the site, and the session worked pretty good at maintaining the data from each form post. However, this setup left me with a few problems:
1. Every single unique user to my website creates a new entry in the sessions table. This entry will never be deleted unless I write my own expiration code to remove old sessions. With a busy site my session table would grow to be extremely large.
2. There is no support for temporary session keys. I'd like to be able to set a key that expires in X minutes. This can be handled by writing your own wrapper that sets a special session key, but it would be nice to be in the API somewhere.

I've since switched my site over to using Data::Uniqid for session ID generation and Cache::FileCache for storing temporary form data. Data::Uniqid assures me that the ID it generates is very unique, so I don't have to store every session in my database. And FileCache has the expiration support I need for holding temporary form data.

Andy Grundman - 2004-11-23 20:37:15

Apache-Session (1.6) ****

It should be noted that with the latest version (1.6 as of this writing), Apache::Session locking does support exclusive locks, in fact with MySQL, that's all that is supported. Being able to configure the lock timeout would be nice, however (currently one hour).

Still, I will agree that it could use both transaction and versioning (row timestamps) per session row support. This is certainly more than possible, even with MySQL (using the InnoDB storage engine).

Jesse Sipprell - 2004-08-11 20:00:19

1 out of 1 found this review helpful:

Apache-Session (1.6) ***

I have to agree with the previous reviewer, ti, this module attempts to do something nice, but I think the execution is a little precarious. I have tried to use this module on several occasions and been bitten by the deadlocking bug with MySQL each time and remembered why I then went and wrote my own session code. It's a reasonably good module, but there should be more clarity in the documentation of the possible pitfalls and more work needs to be done to ensure safety.

Andrew Sterling Hanenkamp - 2004-08-05 08:22:44

0 out of 1 found this review helpful:

Apache-Session (1.6) ****

Clean, elegant code.

Adi Fairbank - 2004-02-24 17:47:47

4 out of 4 found this review helpful:

Apache-Session (1.54) ***

Apache::Session has a useful role, in that it attempts to standardise the storing of session-like information in a variety of ways - you can use subclasses for storage in files, databases etc, and a similar array of subclasses for locking.

However, if working on a project of any size, I'd be inclined not to use it, for the following reasons:

1. The underlying task here is not THAT difficult. The magnificent "Storable" module (or several others) handle the task of serialising and unserialising data structures, so for typical applications you then need to deal with locking, generate random keys, not put in any nasty race conditions by mistake, and avoid tainted data doing bad things to you. Not trivial, but not rocket science either. Not that I'm in favour of reinventing wheels on principle, but read on ...

2. The locking strategy here is alarming: when you retrieve a session, a nonexclusive lock is obtained. This is quite likely to be wrong (if you change the session). To be fair, the documentation states what the module does, but it seems to me that it should do the safe thing by default (which is an exclusive lock), and let you override this if you need to (eg. for performance reasons).

General note: programming for a concurrent environment is really difficult. Many people get it wrong, which causes bugs which are difficult to find. Software which helps you write concurrent software without thinking about it (eg. transactional RDBMSs) is to be praised; software which appears to mean you don't have to think about it but then leaves holes for you to fall in should be cursed. Or at least sharply reviewed.

3. Apache::Session writes its data back to the database at DESTROY-time, when the tied variable goes out of scope. If you manage to do half your session processing and then blow up, you end up with an "inconsistent" session. A "commit" option (which closes and saves the session) would have been helpful.

4. The Apache::Session::Lock::MySQL module never checks that it managed to actually obtain a lock. If it can't, it'll wait an hour, then do what it was going to do anyway. (I sent a patch fixing this to Jeffrey Baker in 2001, but it doesn't appear to have been applied).

Summary: flexible, ideal for getting projects up and running quickly, or where you need to run under various environments. Use for critical or high volume work at your peril.

ti - 2003-12-06 13:12:51
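
The unchecked lock described in point 4 of the review above, shown as an added example that is not part of the review or of Apache::Session's own code: a helper that refuses to proceed unless MySQL confirms the advisory lock was granted. The helper names, the `FakeDBH` stand-in for a DBI handle, and the lock-name format are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not Apache::Session code): take a MySQL advisory lock
# for a session and fail closed unless the server confirms it was granted.
# GET_LOCK() returns 1 when the lock is obtained, 0 on timeout, NULL on error.
sub acquire_session_lock {
    my ($dbh, $session_id, $timeout) = @_;
    my $name = "Apache-Session-$session_id";    # lock-name format is an assumption
    my ($got) = $dbh->selectrow_array('SELECT GET_LOCK(?, ?)',
                                      undef, $name, $timeout);
    die "lock $name: server returned NULL (error)\n" unless defined $got;
    die "lock $name: timed out after ${timeout}s\n"  unless $got == 1;
    return $name;
}

sub release_session_lock {
    my ($dbh, $name) = @_;
    $dbh->selectrow_array('SELECT RELEASE_LOCK(?)', undef, $name);
    return;
}

# Constructed stand-in for a DBI handle so the example runs without a server;
# it answers every query with the single value it was built with.
package FakeDBH {
    sub new { my ($class, $answer) = @_; return bless { answer => $answer }, $class }
    sub selectrow_array { my ($self) = @_; return ($self->{answer}) }
}

package main;

# The three outcomes GET_LOCK() can report, as constructed sample answers.
for my $case ([granted => 1], [timeout => 0], [error => undef]) {
    my ($label, $answer) = @$case;
    my $dbh  = FakeDBH->new($answer);
    my $name = eval { acquire_session_lock($dbh, 'a' x 32, 10) };
    if (defined $name) {
        print "$label: lock held, safe to read and modify the session\n";
        release_session_lock($dbh, $name);
    }
    else {
        print "$label: refused to touch the session: $@";
    }
}
```

With a real `DBI` handle in place of `FakeDBH`, only the `granted` path reaches the session data; the timeout and error paths stop before any read-modify-write can race another request.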

