I've set up a discussion board, using CGI::Session.
I used the suggested setup from CGI::Session::Cookbook, which has me saving session data into text files in a tmp directory.
Now I have a tmp directory with a huge number of small text files in it. I guess there's one for each browser which has ever visited the site, whether its user logged in or not? It's already difficult to interact with this folder via FTP because some clients time out just opening the folder.
So, question one, how sustainable is this? How many small text files can a Linux system have in one folder before things start to slow down or otherwise cause problems? Should I move to a tmp/a, tmp/b, tmp/c system? Should I move to a database as the storage rather than files? Could I do this somehow without forcing all users to log in again? Remove files regularly, where the session isn't logged in and the access time is a long time ago?
Question two -- how would I quickly cancel a user's session (force them to be logged out and not let them log in again)? I'm concerned about how to ban people, obviously. There's no easy way I can see to locate user foo and kill their session, and if we've chosen the "remember me" option, the init() at the top of the page as specified by the cookbook just reads them as logged in.
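One way to approach both questions above, as an added example that is not part of the original post: a periodic sweep built on CGI::Session->find() that removes idle anonymous sessions and any session belonging to a banned user. The session directory, idle limit, ban list, and the '~logged-in', '~profile' and 'username' names are assumptions to adapt to the real site.

```perl
#!/usr/bin/perl
# Added example: cron-style sweep of file-backed CGI::Session storage.
use strict;
use warnings;
use CGI::Session;

# Assumptions, not taken from the post: adjust to the real site.
my %DSN_ARGS = ( Directory => '/tmp/sessions' );  # hypothetical session directory
my $MAX_IDLE = 7 * 24 * 3600;                     # idle limit for anonymous sessions
my %BANNED   = map { $_ => 1 } qw(foo);           # constructed ban list
my %count    = ( banned => 0, stale => 0, keep => 0 );

# Pure decision, kept apart from the side effects so it can be checked alone.
sub verdict {
    my ( $logged_in, $user, $atime, $now ) = @_;
    return 'banned' if defined $user && $BANNED{$user};
    return 'stale'  if !$logged_in && $now - $atime > $MAX_IDLE;
    return 'keep';
}

# Called by find() once per stored session. Sessions past their own expire()
# time are removed by find() itself while loading and arrive here empty.
sub sweep {
    my ($session) = @_;
    return if $session->is_empty;

    # '~logged-in' and '~profile' are assumed parameter names; the 'username'
    # key inside the profile hash is hypothetical.
    my $logged_in = $session->param('~logged-in');
    my $profile   = $session->param('~profile');
    my $atime     = $session->atime;
    my $user      = ref($profile) eq 'HASH' ? $profile->{username} : undef;

    my $what = verdict( $logged_in, $user, $atime, time() );
    $count{$what}++;
    return if $what eq 'keep';

    $session->delete;   # mark the session for removal ...
    $session->flush;    # ... and remove the stored file now
}

CGI::Session->find( 'driver:file', \&sweep, \%DSN_ARGS )
    or die CGI::Session->errstr;
printf "removed %d banned, %d stale; kept %d\n", @count{qw(banned stale keep)};
```

The sweep only removes stored sessions; for a ban to hold, the login path (the cookbook-style init()) has to refuse the banned name as well, otherwise the user simply starts a new session.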