jjhorner has asked for the wisdom of the Perl Monks concerning the following question:

I'm thinking of redoing the way our environment does web page timeouts.

Right now, we have a C program that times people out. It isn't very integrated with Apache, and it seems to be pretty obfuscated.

Anyone know of a good starting point for Perl/Apache modules that will give me a good foundation for this custom handler? I need to have a timestamp sent to a file server-side when someone authenticates, that timestamp updated each time they make a request, and if that timestamp is ever more than 15 minutes old, force them to log back in.

I also need to have a way to exempt certain directories.

I was thinking of doing this using a perl module for Apache, called from a .htaccess file, and Realm specific. I will have mod_perl built into the webservers, so I have complete access to the Perl version of the Apache API. This will be Stronghold server (v. 3.0/Apache 1.3.12).

Any suggestions, hints, comments, answers, or rants are welcome.

I have the Eagle book, so I'll be looking in it.


J. J. Horner

Replies are listed 'Best First'.
Re: Apache module starting points
by KM (Priest) on Jun 07, 2000 at 19:56 UTC
    The Eagle book is a good starting point (and a good book in general). I would also look at the Apache::* modules on CPAN which may do at least part of what you want. Things that come to mind are Apache::Session, Apache::Cookie, Apache::Auth*, and even HTML::Mason. Look at what is on and see what may already be of use to you.


Re: Apache module starting points
by plaid (Chaplain) on Jun 07, 2000 at 20:37 UTC
    I'd also suggest the idea of starting at CPAN and looking for existing modules to start with. You say that you need to force users to re-authenticate after 15 minutes, so I'd start by looking for an Apache module that will take care of the authentication that you want to do, e.g. Apache::AuthDBI or Apache::AuthCookie, etc. If you can get an existing perl module to take care of this, it should be fairly easy to hack in a timestamping like you want, and it should be trivial to hack in the exemption of certain directories. I've done some hacking on Apache::AuthDBI myself to get it to work in a specific environment, and it was much, much faster than anything I could have come up with from scratch. Good luck!