jjhorner has asked for the wisdom of the Perl Monks concerning the following question:

I'm thinking of redoing the way our environment does web page timeouts.

Right now, we have a C program that times people out. It isn't very integrated with Apache, and it seems to be pretty obfuscated.

Anyone know of a good starting point for Perl/Apache modules that will give me a good foundation for this custom handler? I need to have a timestamp sent to a file server-side when someone authenticates, that timestamp updated each time they make a request, and if that timestamp is ever more than 15 minutes old, force them to log back in.

I also need to have a way to exempt certain directories.

I was thinking of doing this using a perl module for Apache, called from a .htaccess file, and Realm specific. I will have mod_perl built into the webservers, so I have complete access to the Perl version of the Apache API. This will be Stronghold server (v. 3.0/Apache 1.3.12).

Any suggestions, hints, comments, answers, or rants are welcome.

I have the Eagle book, so I'll be looking in it.


J. J. Horner