Apache Session Management Within Dynamic Sites


As a follow on to an earlier piece about session management natively in Apache, I’ve written a follow up that looks more closely at the issue of developing sites that use cookies for ID and session management. In this article, I cover the mechanics, internals and security of the cookie system, and look at how to use cookies within Perl CGI scripts. Here’s the intro from the piece:

As Web sites get more complicated and more dynamic, developers want to give users a more cohesive environment. This cohesion can provide all sorts of functionality, from a simple method of tracking a shopping basket to providing full-blown customization of stories, templates, and information shown to users as they use the Web site. The key to this system is the session – a unique identifier that enables developers to identify users, either for relatively short periods (e.g., in shopping baskets) or longer (full customization).In a previous article “Session Tracking with Apache,” we described how to use cookies and the sessions system within Apache to track user access for the purposes of monitoring site usage in the logs and recording which pages were viewed. We can adapt the same basic principles – primarily cookies – through programmable components, such as Perl and PHP to provide customized Web sites.This article will look at how Apache can help with session management and how that information can be used with Perl and PHP scripts.

Read on for the full article.