view release on metacpan or  search on metacpan

SessionManager.pm  view on Meta::CPAN

informations:

   PerlSetVar SessionManagerStoreArgs "DataSource => dbi:mysql:sessions, \
                                       UserName   => user, \
                                       Password   => password" 

Please see the documentation for store/lock modules in order to pass right
arguments.

=item C<SessionManagerItemExclude> string|regex

This single directive defines the exclusion string. For example:

   PerlSetVar SessionManagerItemExclude exclude_string

All the HTTP requests containing the 'exclude_string' string in the URI will be
declined. Also is possible to use regex:

   PerlSetVar SessionManagerItemExclude "\.m.*$"

and all the request (URI) ending by ".mpeg", ".mpg" or ".mp3" will be declined.

If C<SessionManagerItemExclude> isn't defined, the default value is:

C<(\.gif|\.jpe?g|\.png|\.mpe?g|\.css|\.js|\.txt|\.mp3|\.wav|\.swf|\.avi|\.au|\.ra?m)$>

B<Note> If you want process each request, you can set
C<SessionManagerItemExclude> with:

   PerlSetVar SessionManagerItemExclude "^$"

=item C<SessionManagerHeaderExclude>

This directive allows to define HTTP headers contents in order to decline
requests that match them. For example:

   PerlSetVar SessionManagerHeaderExclude "User-Agent => SomeBot"

All the HTTP requests containing the 'SomeBot' string in the HTTP C<User-Agent>
header will be declined. Also is possible to use regex:

   PerlSetVar SessionManagerHeaderExclude "User-Agent => SomeBot\s*/\*\d+\.\d+"

All HTTP headers are available (case sensitive) to use in the exclusion rules.

In order to set more than one rule you must use C<PerlAddVar> directive:

   PerlSetVar SessionManagerHeaderExclude "User-Agent => SomeBot\s*/\*\d+\.\d+"
   PerlAddVar SessionManagerHeaderExclude "User-Agent => GoogleBot"
   PerlAddVar SessionManagerHeaderExclude "Referer => ^http:\/\/some\.host\.com"

Why could be useful to decline request based on HTTP headers check? If you
store session ID in the URI, this prevent bot search engines to index URL with
the session ID.

=item C<SessionManagerIPExclude> IP-list

Matchs client IP addresses against IP list and declines request.
It's possible to set an IP address and optionally a bitmask:

233.76.193.0/24

233.76.193.1/32 (or simply 233.76.193.1)

For example:

   PerlSetVar SessionManagerIPExclude "127.0.0.0/8 192.168.0.0/16 195.31.218.3"

Note that since C<1.03> Apache::SessionManager version, non dotted-quad IP
will be skipped.

=item C<SessionManagerSetEnv> On|Off

Sets the C<SESSION_MANAGER_SID> environment variable with the current (valid)
session ID:

   PerlSetVar SessionManagerSetEnv On

It makes session ID available to CGI scripts for use in absolute links or
redirects. The default value is C<Off>.

To retrieve the C<SESSION_MANAGER_SID> environment variabile you can do, for
instance:

=over 

=item * mod_perl

   print $r->subprocess_env('SESSION_MANAGER_SID');

=item * CGI

   print $ENV{'SESSION_MANAGER_SID'};

=item * Server Side Includes

   <!--#echo var="SESSION_MANAGER_SID" -->

=back

=item C<SessionManagerDebug> level

This single directive set debug level.

   PerlSetVar SessionManagerDebug 3

If greather than zero, debug informations will be print to STDERR. The default
value is C<0> (no debug information will be print).

=item C<SessionManagerEnableModBackhand> On|Off

This single directive enable mod_backhand sticky session load balancing
support.
Someone asked me this feature, so I've added it.

   PerlSetVar SessionManagerEnableModBackhand On

A few words on mod_backhand. mod_backhand is a load balancing Apache module.
mod_backhand can attempt to find a cookie in order to hex decodes the first 8 
bytes of its content into an IPv4 style IP address.
It will attempt to find this IP address in the list of candidates and if it is