Apache-ASP
view release on metacpan or search on metacpan
NoCache
Default 0, if set to 1 will make it so that neither script nor include
compilations are cached by the server. Using this configuration will
save on memory but will slow down script execution. Please see the
TUNING section for other strategies on improving site performance.
PerlSetVar NoCache 0
State Management
NoState
default 0, if true, neither the $Application nor $Session objects will
be created. Use this for a performance increase. Please note that this
setting takes precedence over the AllowSessionState and
AllowApplicationState settings.
PerlSetVar NoState 0
AllowSessionState
Set to 0 for no session tracking, 1 by default If Session tracking is
turned off, performance improves, but the $Session object is
inaccessible.
PerlSetVar AllowSessionState 1
Note that if you want to dissallow session creation for certain non web
browser user agents, like search engine spiders, you can use an init
handler like:
PerlInitHandler "sub { $_[0]->dir_config('AllowSessionState', 0) }"
AllowApplicationState
Default 1. If you want to leave $Application undefined, then set this to
0, for a performance increase of around 2-3%. Allowing use of
$Application is less expensive than $Session, as there is more work for
the StateManager associated with $Session garbage collection so this
parameter should be only used for extreme tuning.
PerlSetVar AllowApplicationState 1
StateDir
default $Global/.state. State files for ASP application go to this
directory. Where the state files go is the most important determinant in
what makes a unique ASP application. Different configs pointing to the
same StateDir are part of the same ASP application.
The default has not changed since implementing this config directive.
The reason for this config option is to allow operating systems with
caching file systems like Solaris to specify a state directory
separately from the Global directory, which contains more permanent
files. This way one may point StateDir to /tmp/myaspapp, and make one's
ASP application scream with speed.
PerlSetVar StateDir ./.state
StateManager
default 10, this number specifies the numbers of times per
SessionTimeout that timed out sessions are garbage collected. The bigger
the number, the slower your system, but the more precise Session_OnEnd's
will be run from global.asa, which occur when a timed out session is
cleaned up, and the better able to withstand Session guessing hacking
attempts. The lower the number, the faster a normal system will run.
The defaults of 20 minutes for SessionTimeout and 10 times for
StateManager, has dead Sessions being cleaned up every 2 minutes.
PerlSetVar StateManager 10
StateDB
default SDBM_File, this is the internal database used for state objects
like $Application and $Session. Because an SDBM_File %hash has a limit
on the size of a record key+value pair, usually 1024 bytes, you may want
to use another tied database like DB_File or MLDBM::Sync::SDBM_File.
With lightweight $Session and $Application use, you can get away with
SDBM_File, but if you load it up with complex data like $Session{key} =
{ # very large complex object } you might max out the 1024 limit.
Currently StateDB can be: SDBM_File, MLDBM::Sync::SDBM_File, DB_File,
and GDBM_File. Please let me know if you would like to add any more to
this list.
As of version .18, you may change this setting in a live production
environment, and new state databases created will be of this format.
With a prior version if you switch to a new StateDB, you would want to
delete the old StateDir, as there will likely be incompatibilities
between the different database formats, including the way garbage
collection is handled.
PerlSetVar StateDB SDBM_File
StateCache
Deprecated as of 2.23. There is no equivalent config for the
functionality this represented from that version on. The 2.23 release
represented a significant rewrite of the state management, moving to
MLDBM::Sync for its subsystem.
StateSerializer
default Data::Dumper, you may set this to Storable for faster
serialization and storage of data into state objects. This is
particularly useful when storing large objects in $Session and
$Application, as the Storable.pm module has a faster implementation of
freezing and thawing data from and to perl structures. Note that if you
are storing this much data in your state databases, you may want to use
DB_File since it does not have the default 1024 byte limit that
SDBM_File has on key/value lengths.
This configuration setting may be changed in production as the state
database's serializer type is stored in the internal state manager which
will always use Data::Dumper & SDBM_File to store data.
PerlSetVar StateSerializer Data::Dumper
Sessions
CookiePath
URL root that client responds to by sending the session cookie. If your
asp application falls under the server url "/asp", then you would set
this variable to /asp. This then allows you to run different
applications on the same server, with different user sessions for each
application.
}
$uri = $2;
my $PATH = $1 || '';
$r->dir_config('PATH', $PATH);
if($uri eq '/') {
$uri = '/index.asp';
}
$r->uri($uri);
$r->filename($r->document_root.$uri);
DECLINED;
}
1;
OBJECTS
The beauty of the ASP Object Model is that it takes the burden of CGI and
Session Management off the developer, and puts them in objects accessible
from any ASP script & include. For the perl programmer, treat these objects
as globals accessible from anywhere in your ASP application.
The Apache::ASP object model supports the following:
Object Function
------ --------
$Session - user session state
$Response - output to browser
$Request - input from browser
$Application - application state
$Server - general methods
These objects, and their methods are further defined in the following
sections.
If you would like to define your own global objects for use in your scripts
and includes, you can initialize them in the global.asa Script_OnStart like:
use vars qw( $Form $Site ); # declare globals
sub Script_OnStart {
$Site = My::Site->new; # init $Site object
$Form = $Request->Form; # alias form data
$Server->RegisterCleanup(sub { # garbage collection
$Site->DESTROY;
$Site = $Form = undef;
});
}
In this way you can create site wide application objects and simple aliases
for common functions.
$Session Object
The $Session object keeps track of user and web client state, in a
persistent manner, making it relatively easy to develop web applications.
The $Session state is stored across HTTP connections, in database files in
the Global or StateDir directories, and will persist across web server
restarts.
The user session is referenced by a 128 bit / 32 byte MD5 hex hashed cookie,
and can be considered secure from session id guessing, or session hijacking.
When a hacker fails to guess a session, the system times out for a second,
and with 2**128 (3.4e38) keys to guess, a hacker will not be guessing an id
any time soon.
If an incoming cookie matches a timed out or non-existent session, a new
session is created with the incoming id. If the id matches a currently
active session, the session is tied to it and returned. This is also similar
to the Microsoft ASP implementation.
The $Session reference is a hash ref, and can be used as such to store data
as in:
$Session->{count}++; # increment count by one
%{$Session} = (); # clear $Session data
The $Session object state is implemented through MLDBM, and a user should be
aware of the limitations of MLDBM. Basically, you can read complex
structures, but not write them, directly:
$data = $Session->{complex}{data}; # Read ok.
$Session->{complex}{data} = $data; # Write NOT ok.
$Session->{complex} = {data => $data}; # Write ok, all at once.
Please see MLDBM for more information on this topic. $Session can also be
used for the following methods and properties:
$Session->{CodePage}
Not implemented. May never be until someone needs it.
$Session->{LCID}
Not implemented. May never be until someone needs it.
$Session->{SessionID}
SessionID property, returns the id for the current session, which is
exchanged between the client and the server as a cookie.
$Session->{Timeout} [= $minutes]
Timeout property, if minutes is being assigned, sets this default
timeout for the user session, else returns the current session timeout.
If a user session is inactive for the full timeout, the session is
destroyed by the system. No one can access the session after it times
out, and the system garbage collects it eventually.
$Session->Abandon()
The abandon method times out the session immediately. All Session data
is cleared in the process, just as when any session times out.
$Session->Lock()
API extension. If you are about to use $Session for many consecutive
reads or writes, you can improve performance by explicitly locking
$Session, and then unlocking, like:
$Session->Lock();
$Session->{count}++;
$Session->{count}++;
$Session->{count}++;
$Session->UnLock();
This sequence causes $Session to be locked and unlocked only 1 time,
instead of the 6 times that it would be locked otherwise, 2 for each
increment with one to read and one to write.
+StatScripts setting which if set to 0 will not reload
includes, global.asa, or scripts when changed.
+FileUpload file handles cleanup at garbage collection
time so developer does not have to worry about lazy coding
and undeffing filehandles used in code. Also set
uploaded filehandles to binmode automatically on Win32
platforms, saving the developer yet more typing.
+FileUploadTemp setting, default 0, if set will leave
a temp file on disk during the request, which may be
helpful for processing by other programs, but is also
a security risk in that others could potentially read
this file while the script is running.
The path to the temp file will be available at
$Request->{FileUpload}{$form_field}{TempFile}.
The regular use of file uploads remains the same
with the <$filehandle> to the upload at
$Request->{Form}{$form_field}.
+FileUploadMax setting, default 0, currently an
alias for $CGI::POST_MAX, which determines the
max size for a file upload in bytes.
+SessionQueryParse only auto parses session-ids
into links when a session-id COOKIE is NOT found.
This feature is only enabled then when a user has
disabled cookies, so the runtime penalty of this
feature won't drag down the whole site, since most
users will have cookies turned on.
-StatINC & StatINCMatch will not undef Fnctl.pm flock
functions constants like O_RDWR, because the code references
are not well trackable. This would result in sporadic 500 server
errors when a changed module was reloaded that imported O_* flock
functions from Fnctl.
+SessionQueryParse & SessionQueryParseMatch
settings that enable auto parsing session ids into
URLs for cookieless sessions. Will pick up URLs in
<a href>, <area href>, <form action>, <frame src>,
<iframe src>, <img src>, <input src>, <link href>
$Response->Redirect($URL) and the first URL in
script tags like <script>*.location.href=$URL</script>
These settings require that buffering be enabled, as
Apache::ASP will parse through the buffer to parse the URLs.
With SessionQueryParse on, it will just parse non-absolute
URLs, but with SessionQueryParseMatch set to some server
url regexp, like ^http://localhost , will also parse
in the session id for URLs that match that.
When testing, the performance hit from this parsing
a script dropped from 12.5 hits/sec on my WinNT box
to 11.7 hits per second for 1K of buffered output.
The difference is .007 of my PII300's processing power
per second.
For 10K of output then, my guess is that this speed
of script, would be slowed to 6.8 hits per second.
This kind of performance hit would also slow a
script running at 40 hits per second on a UNIX box
to 31 hits/sec for 1K, and to 11 hits/sec for 10K parsed.
Your mileage may vary and you will have to test the difference
yourself. Get yourself a valid URL with a session-id in
it, and run it through ab, or Socrates, with SessionQuery
turned on, and then with SessionQueryParse set to see
the difference. SessionQuery just enables of session id
setting from the query string but will not auto parse urls.
-If buffering, Content-Length will again be set.
It broke, probably while I was tuning in the past
couple versions.
+UseStrict setting compiles all scripts including
global.asa with "use strict" turned on for catching
more coding errors. With this setting enabled,
use strict errors die during compilation forcing
Apache::ASP to try to recompile the script until
successful.
-Object use in includes like $Response->Write()
no longer error with "use strict" programming.
+SessionQuery config setting with $Server->URL($url, { %params } )
alpha API extensions to enable cookieless sessions.
+Debugging not longer produces internal debugging
by default. Set to -1,-2 for internal debugging
for Debug settings 1 & 2.
+Both StateSerializer & StateDB can be changed
without affecting a live web site, by storing
the configurations for $Application & $Session
in an internal database, so that if $Session was
created with SDBM_File for the StateDB (default),
it will keep this StateDB setting until it ends.
+StateSerializer config setting. Default Data::Dumper,
can also be set to Storable. Controls how data is
serialized before writing to $Application & $Session.
+Beefed up the make test suite.
+Improved the locking, streamlining a bit of the
$Application / $Session setup process. Bench is up to
22 from 21 hits / sec on dev NT box.
+Cut more fat for faster startup, now on my dev box
I get 44 hits per sec Apache::ASP vs. 48 Embperl
vs. 52 CGI via Apache::Registry for the HelloWorld Scripts.
-Improved linking for the online site documentation,
where a few links before were bad.
$VERSION = 0.17; $DATE="11/15/99";
++20%+ faster startup script execution, as measured by the
HelloWorld bench. I cut a lot of the fat out of
+perl print() works, sending output to $Response object
+$Response->Write() prints scalars, arrays, and hashes. Before only scalars.
+Begin implementation of $Server object.
+Implemented $Response->{Expires} and $Response->{ExpiresAbsolute}
+Added "PerlSetVar StatINC" config option
+$0 is aliased to current script filename
+ASP Objects ($Response, etc.) are set in main package
Thus notation like $main::Response->Write() can be used anywhere.
$VERSION = 0.02; $DATE="07/12/1998";
++Session Manager, won't break under denial of service attack
+Fleshed out $Response, $Session objects, almost full implementation.
+Enormously more documentation.
-Fixed error handling with Debug = 2.
-Documentation fixed for pod2man support. README now more man-like.
-Stripped \r\n dos characters from installation files
-755 mode set for session state directory when created
-Loads Win32/OLE properly, won't break with UNIX
$VERSION = 0.01; $DATE="06/26/1998";
Syntax Support
--------------
Initial release, could be considered alpha software.
Allows developers to embed perl in html ASP style.
<!-- sample here -->
<html>
<body>
<% for(1..10) { %>
counting: <%=$_%> <br>
<% } %>
</body>
</html>
ASP Objects
-----------
$Session, $Application, $Response, $Request objects available
for use in asp pages.
$Session & $Application data is preserved using SDBM files.
$Session id's are tracked through the use of cookies.
Security
--------
Timeouts any attempt to use a session id that doesn't already
exist. Should stop hackers, since there is no wire speed guessing
cookies.
LICENSE
Copyright (c) 1998-2018, Josh Chamas
All rights reserved. This program is free software; you can redistribute it
and/or modify it under the same terms as Perl itself.
Apache::ASP is a perl native port of Active Server Pages for Apache and
mod_perl.
( run in 1.469 second using v1.01-cache-2.11-cpan-39bf76dae61 )