Apache-ASP
view release on metacpan or search on metacpan
site/config.html view on Meta::CPAN
<td valign=top >
<font face="lucida console" size=-1>
<a href=#AuthServerVaa7584921>AuthServerVariables</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#StateSeriali106736b1>StateSerializer</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#BufferingOn>BufferingOn</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#InodeNames>InodeNames</a>
</font>
</td>
</tr>
<tr>
<td valign=top bgcolor=#005196>
<font face="lucida console" size=-1>
<font color=white><b><a href=#Sessions><font color=white>Sessions</font></a></b></font>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#RequestParam25a784ba>RequestParams</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#CookiePath>CookiePath</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#RequestBinarc4419e4b>RequestBinaryRead</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#CookieDomain>CookieDomain</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#StatINC>StatINC</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SessionTimeo21fc354e>SessionTimeout</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#StatINCMatch>StatINCMatch</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SecureSessio77114c01>SecureSession</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#StatScripts>StatScripts</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#HTTPOnlySess63d4d37d>HTTPOnlySession</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SoftRedirect>SoftRedirect</a>
</font>
</td>
</tr>
<tr>
site/config.html view on Meta::CPAN
<td valign=top >
<font face="lucida console" size=-1>
<a href=#Filter>Filter</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SessionSeria0633b2a7>SessionSerialize</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#CgiHeaders>CgiHeaders</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SessionCount>SessionCount</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#Clean>Clean</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#CompressGzip>CompressGzip</a>
</font>
</td>
</tr>
<tr>
<td valign=top bgcolor=#005196>
<font face="lucida console" size=-1>
<font color=white><b><a href=#Cookieless%20S21cbf4f4><font color=white>Cookieless Sessions</font></a></b></font>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#FormFill>FormFill</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SessionQuery6920bb61>SessionQueryParse</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#TimeHiRes>TimeHiRes</a>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SessionQueryd88d64b8>SessionQueryParseMatch</a>
</font>
</td>
<td valign=top >
<font face="lucida console" size=-1>
</font>
</td>
</tr>
<tr>
<td valign=top >
<font face="lucida console" size=-1>
<a href=#SessionQuery>SessionQuery</a>
</font>
</td>
<td valign=top bgcolor=#005196>
<font face="lucida console" size=-1>
<font color=white><b><a href=#Mail%20Adminis1a4d2b59><font color=white>Mail Administration</font></a></b></font>
</font>
</td>
</tr>
<tr>
site/config.html view on Meta::CPAN
you may want to use another tied database like DB_File or
MLDBM::Sync::SDBM_File.
<font face="courier new" size=3><pre>
</pre></font>With lightweight $Session and $Application use, you can get
away with SDBM_File, but if you load it up with complex data like
<font face="courier new" size=3><pre> $Session{key} = { # very large complex object }
</pre></font>you might max out the 1024 limit.
<font face="courier new" size=3><pre>
</pre></font>Currently StateDB can be: SDBM_File, MLDBM::Sync::SDBM_File,
DB_File, and GDBM_File. Please let me know if you would like to
add any more to this list.
<font face="courier new" size=3><pre>
</pre></font>As of version .18, you may change this setting in a live production
environment, and new state databases created will be of this format.
With a prior version if you switch to a new StateDB, you would want to
delete the old StateDir, as there will likely be incompatibilities between
the different database formats, including the way garbage collection
is handled.
<font face="courier new" size=3><pre>
PerlSetVar StateDB SDBM_File
</pre></font>
<p>
<a name=StateCache></a>
<font face=verdana><font class=title size=-1 color=#555555><b>StateCache</b></font>
<font face="courier new" size=3><pre>
</pre></font>Deprecated as of 2.23. There is no equivalent config for
the functionality this represented from that version on.
The 2.23 release represented a significant rewrite
of the state management, moving to MLDBM::Sync for its
subsystem.</font>
<p>
<a name=StateSeriali106736b1></a>
<font face=verdana><font class=title size=-1 color=#555555><b>StateSerializer</b></font>
<font face="courier new" size=3><pre>
</pre></font>default Data::Dumper, you may set this to Storable for
faster serialization and storage of data into state objects.
This is particularly useful when storing large objects in
$Session and $Application, as the Storable.pm module has a faster
implementation of freezing and thawing data from and to
perl structures. Note that if you are storing this much
data in your state databases, you may want to use
DB_File since it does not have the default 1024 byte limit
that SDBM_File has on key/value lengths.
<font face="courier new" size=3><pre>
</pre></font>This configuration setting may be changed in production
as the state database's serializer type is stored
in the internal state manager which will always use
Data::Dumper & SDBM_File to store data.
<font face="courier new" size=3><pre>
PerlSetVar StateSerializer Data::Dumper
</pre></font>
<p>
<a name=Sessions></a>
<font face=verdana><font class=title size=+0 color=#555555><b>Sessions</b></font>
</font>
<p>
<a name=CookiePath></a>
<font face=verdana><font class=title size=-1 color=#555555><b>CookiePath</b></font>
<font face="courier new" size=3><pre>
</pre></font>URL root that client responds to by sending the session cookie.
If your asp application falls under the server url "/asp",
then you would set this variable to /asp. This then allows
you to run different applications on the same server, with
different user sessions for each application.
<font face="courier new" size=3><pre>
PerlSetVar CookiePath /
</pre></font>
<p>
<a name=CookieDomain></a>
<font face=verdana><font class=title size=-1 color=#555555><b>CookieDomain</b></font>
<font face="courier new" size=3><pre>
</pre></font>Default 0, this NON-PORTABLE configuration will allow sessions to span
multiple web sites that match the same domain root. This is useful if
your web sites are hosted on the same machine and can share the same
StateDir configuration, and you want to shared the $Session data
across web sites. Whatever this is set to, that will add a
<font face="courier new" size=3><pre>
; domain=$CookieDomain
</pre></font>part to the Set-Cookie: header set for the session-id cookie.
<font face="courier new" size=3><pre>
PerlSetVar CookieDomain .your.global.domain
</pre></font>
<p>
<a name=SessionTimeo21fc354e></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SessionTimeout</b></font>
<font face="courier new" size=3><pre>
</pre></font>Default 20 minutes, when a user's session has been inactive for this
period of time, the Session_OnEnd event is run, if defined, for
that session, and the contents of that session are destroyed.
<font face="courier new" size=3><pre>
PerlSetVar SessionTimeout 20
</pre></font>
<p>
<a name=SecureSessio77114c01></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SecureSession</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0. Sets the secure tag for the session cookie, so that the cookie
will only be transmitted by the browser under https transmissions.
<font face="courier new" size=3><pre>
PerlSetVar SecureSession 1
</pre></font>
<p>
<a name=HTTPOnlySess63d4d37d></a>
<font face=verdana><font class=title size=-1 color=#555555><b>HTTPOnlySession</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0. Sets HttpOnly flag to session cookie to mitigate XSS attacks.
Supported by most modern browsers, it only allows access to the
session cookie by the server (ie NOT Javascript)
<font face="courier new" size=3><pre>
PerlSetVar HTTPOnlySession 1
</pre></font>
<p>
<a name=ParanoidSess9085f1d5></a>
<font face=verdana><font class=title size=-1 color=#555555><b>ParanoidSession</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0. When true, stores the user-agent header of the browser
that creates the session and validates this against the session cookie presented.
If this check fails, the session is killed, with the rationale that
there is a hacking attempt underway.
<font face="courier new" size=3><pre>
</pre></font>This config option was implemented to be a smooth upgrade, as
you can turn it off and on, without disrupting current sessions.
Sessions must be created with this turned on for the security to take effect.
<font face="courier new" size=3><pre>
</pre></font>This config option is to help prevent a brute force cookie search from
being successful. The number of possible cookies is huge, 2^128, thus making such
a hacking attempt VERY unlikely. However, on the off chance that such
an attack is successful, the hacker must also present identical
browser headers to authenticate the session, or the session will be
destroyed. Thus the User-Agent acts as a backup to the real session id.
The IP address of the browser cannot be used, since because of proxies,
IP addresses may change between requests during a session.
<font face="courier new" size=3><pre>
</pre></font>There are a few browsers that will not present a User-Agent header.
These browsers are considered to be browsers of type "Unknown", and
this method works the same way for them.
<font face="courier new" size=3><pre>
</pre></font>Most people agree that this level of security is unnecessary, thus
it is titled paranoid :)
<font face="courier new" size=3><pre>
PerlSetVar ParanoidSession 0
</pre></font>
<p>
<a name=SessionSeria0633b2a7></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SessionSerialize</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, if true, locks $Session for duration of script, which
serializes requests to the $Session object. Only one script at
a time may run, per user $Session, with sessions allowed.
<font face="courier new" size=3><pre>
</pre></font>Serialized requests to the session object is the Microsoft ASP way,
but is dangerous in a production environment, where there is risk
of long-running or run-away processes. If these things happen,
a session may be locked for an indefinite period of time. A user
STOP button should safely quit the session however.
<font face="courier new" size=3><pre>
PerlSetVar SessionSerialize 0
</pre></font>
<p>
<a name=SessionCount></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SessionCount</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, if true enables the $Application->SessionCount API
which returns how many sessions are currently active in
the application. This config was created
because there is a performance hit associated with this
count tracking, so it is disabled by default.
<font face="courier new" size=3><pre>
PerlSetVar SessionCount 1
</pre></font>
<p>
<a name=Cookieless%20S21cbf4f4></a>
<font face=verdana><font class=title size=+0 color=#555555><b>Cookieless Sessions</b></font>
</font>
<p>
<a name=SessionQuery6920bb61></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SessionQueryParse</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, if true, will automatically parse the $Session
session id into the query string of each local URL found in the
$Response buffer. For this setting to work therefore,
buffering must be enabled. This parsing will only occur
when a session cookie has not been sent by a browser, so the
first script of a session enabled site, and scripts viewed by
web browsers that have cookies disabled will trigger this behavior.
<font face="courier new" size=3><pre>
</pre></font>Although this runtime parsing method is computationally
expensive, this cost should be amortized across most users
that will not need this URL parsing. This is a lazy programmer's
dream. For something more efficient, look at the SessionQuery
setting. For more information about this solution, please
read the <a href=sessions.html><font size=-1 face=verdana><b>SESSIONS</b></font></a> section.
<font face="courier new" size=3><pre>
PerlSetVar SessionQueryParse 0
</pre></font>
<p>
<a name=SessionQueryd88d64b8></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SessionQueryParseMatch</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, set to a regexp pattern that matches all URLs that you
want to have SessionQueryParse parse in session ids. By default
SessionQueryParse only modifies local URLs, but if you name
your URLs of your site with absolute URLs like <tt>http://localhost</tt>
then you will need to use this setting. So to match
<tt>http://localhost</tt> URLs, you might set this pattern to
^<tt>http://localhost.</tt> Note that by setting this config,
you are also setting SessionQueryParse.
<font face="courier new" size=3><pre>
PerlSetVar SessionQueryParseMatch ^https?://localhost
</pre></font>
<p>
<a name=SessionQuery></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SessionQuery</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, if set, the session id will be initialized from
the $Request->QueryString if not first found as a cookie.
You can use this setting coupled with the
<font face="courier new" size=3><pre>
$Server->URL($url, \%params)
</pre></font>API extension to generate local URLs with session ids in their
query strings, for efficient cookieless session support.
Note that if a browser has cookies disabled, every URL
to any page that needs access to $Session will need to
be created by this method, unless you are using SessionQueryParse
which will do this for you automatically.
<font face="courier new" size=3><pre>
PerlSetVar SessionQuery 0
</pre></font>
<p>
site/config.html view on Meta::CPAN
also gain the ability to deploy your application as a
snapshot taken when the server starts and restarts.
This provides you with the reassurance that during a
production server update from development sources, you
do not have to worry with sources being used for the
wrong libraries and such, while they are all being
copied over.
<font face="courier new" size=3><pre>
</pre></font>Finally, though you really should not do this, you can
work on a live production application, with a test server
reloading changes, but your production server does see
the changes until you restart or stop/start it. This
saves your public from syntax errors while you are just
doing a quick bug fix.
<font face="courier new" size=3><pre>
PerlSetVar StatScripts 1
</pre></font>
<p>
<a name=SoftRedirect></a>
<font face=verdana><font class=title size=-1 color=#555555><b>SoftRedirect</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, if true, a $Response->Redirect() does not end the
script. Normally, when a Redirect() is called, the script
is ended automatically. SoftRedirect 1, is a standard
way of doing redirects, allowing for html output after the
redirect is specified.
<font face="courier new" size=3><pre>
PerlSetVar SoftRedirect 0
</pre></font>
<p>
<a name=Filter></a>
<font face=verdana><font class=title size=-1 color=#555555><b>Filter</b></font>
<font face="courier new" size=3><pre>
</pre></font>On/Off, default Off. With filtering enabled, you can take advantage of
full server side includes (<a href=ssi.html><font size=-1 face=verdana><b>SSI</b></font></a>), implemented through Apache::SSI.
SSI is implemented through this mechanism by using Apache::Filter.
A sample configuration for full SSI with filtering is in the
<a href=eg/.htaccess>./site/eg/.htaccess</a> file, with a relevant example script <a href=eg/ssi_filter.ssi>./site/eg/ssi_filter.ssi</a>.
<font face="courier new" size=3><pre>
</pre></font>You may only use this option with modperl v1.16 or greater installed
and PERL_STACKED_HANDLERS enabled. Filtering may be used in
conjunction with other handlers that are also "filter aware".
If in doubt, try building your <a href=http://perl.apache.org><font size=-1 face=verdana><b>mod_perl</b></font></a> with
<font face="courier new" size=3><pre>
perl Makefile.PL EVERYTHING=1
</pre></font>With filtering through Apache::SSI, you should expect near a
a 20% performance decrease.
<font face="courier new" size=3><pre>
PerlSetVar Filter Off
</pre></font>
<p>
<a name=CgiHeaders></a>
<font face=verdana><font class=title size=-1 color=#555555><b>CgiHeaders</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0. When true, script output that looks like HTTP / <a href=cgi.html><font size=-1 face=verdana><b>CGI</b></font></a>
headers, will be added to the HTTP headers of the request.
So you could add:
<font face="courier new" size=3><pre> Set-Cookie: test=message
<html>...
</pre></font>to the top of your script, and all the headers preceding a newline
will be added as if with a call to $Response->AddHeader(). This
functionality is here for compatibility with raw cgi scripts,
and those used to this kind of coding.
<font face="courier new" size=3><pre>
</pre></font>When set to 0, CgiHeaders style headers will not be parsed from the
script response.
<font face="courier new" size=3><pre>
PerlSetVar CgiHeaders 0
</pre></font>
<p>
<a name=Clean></a>
<font face=verdana><font class=title size=-1 color=#555555><b>Clean</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, may be set between 1 and 9. This setting determine how much
text/html output should be compressed. A setting of 1 strips mostly
white space saving usually 10% in output size, at a performance cost
of less than 5%. A setting of 9 goes much further saving anywhere
25% to 50% typically, but with a performance hit of 50%.
<font face="courier new" size=3><pre>
</pre></font>This config option is implemented via HTML::Clean. Per script
configuration of this setting is available via the $Response->{Clean}
property, which may also be set between 0 and 9.
<font face="courier new" size=3><pre>
PerlSetVar Clean 0
</pre></font>
<p>
<a name=CompressGzip></a>
<font face=verdana><font class=title size=-1 color=#555555><b>CompressGzip</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, if true will gzip compress HTML output on the
fly if Compress::Zlib is installed, and the client browser
supports it. Depending on the HTML being compressed,
the client may see a 50% to 90% reduction in HTML output.
I have seen 40K of HTML squeezed down to just under 6K.
This will come at a 5%-20% hit to CPU usage per request
compressed.
<font face="courier new" size=3><pre>
</pre></font>Note there are some cases when a browser says it will accept
gzip encoding, but then not render it correctly. This
behavior has been seen with IE5 when set to use a proxy but
not using a proxy, and the URL does not end with a .html or .htm.
No work around has yet been found for this case so use at your
own risk.
<font face="courier new" size=3><pre>
PerlSetVar CompressGzip 1
</pre></font>
<p>
<a name=FormFill></a>
<font face=verdana><font class=title size=-1 color=#555555><b>FormFill</b></font>
<font face="courier new" size=3><pre>
</pre></font>default 0, if true will auto fill HTML forms with values
from $Request->Form(). This functionality is provided
by use of HTML::FillInForm. For more information please
see "perldoc HTML::FillInForm", and the
( run in 1.014 second using v1.01-cache-2.11-cpan-df04353d9ac )