Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?

Keeping track of a session id (mod_rewrite?)

by jeyroz (Monk)
on Jun 18, 2005 at 14:44 UTC ( #467987=perlquestion: print w/replies, xml ) Need Help??

jeyroz has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Apache::Session to handle session data and am looking into alternatives to writing a session id cookie. I know that the common alternative is to write the id into the url and pass it between requests but I have heard this can be a tedious task ... which brings me to my question.

I have just begun to read up on Apache's mod_rewrite (used to manipulate url strings) and was wondering if anyone has had success using mod_rewrite to pass a session id through a url.

I appologize if this question is baseless as I am just now learning about the possibilities of the Apache mod.

author => jeyroz

  • Comment on Keeping track of a session id (mod_rewrite?)

Replies are listed 'Best First'.
Re: Keeping track of a session id (mod_rewrite?)
by perrin (Chancellor) on Jun 18, 2005 at 17:26 UTC
Re: Keeping track of a session id (mod_rewrite?)
by jasonk (Parson) on Jun 18, 2005 at 14:53 UTC

    There is an example in the URL Rewriting Guide of setting environment variables based on part of the URL. The example they give is:

    RewriteEngine on RewriteRule ^(.*)/S=([^/]+)/(.*) $1/$3 [E=STATUS:$2]

    This lets a URL like /foo/S=java/bar/ get translated to the path /foo/bar, while setting the environment variable $STATUS to 'java'.

    We're not surrounded, we're in a target-rich environment!
Re: Keeping track of a session id (mod_rewrite?)
by davidrw (Prior) on Jun 18, 2005 at 15:20 UTC
    I could be misunderstanding, but i'm not sure it's possible since mod_rewrite only acts on "inbound" urls... So client logins into your site, thus establishing a session on the server. Now, the client asks for foo.html -- how could mod_rewrite know how to match this new client request (which could be from any client) with a session id on the server side? (no cookie, can't rely on remote IP, no info yet in query string)

    I don't know if there's anything in perl/mod_perl/cgi-world that does the same transparent query string appending of session id that php can do (i hope so and that someone will mention it), but here's another alternative: You could write a filter for your outbound content that finds relative urls and appends the session id to the query string. I've used this method to encrypt query strings, so query strings don't look like ?year=3&type=search&btn=find but instead like s=<somebignumber>. To set this up need the following:

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://467987]
Approved by davidrw
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (3)
As of 2023-06-10 10:33 GMT
Find Nodes?
    Voting Booth?
    How often do you go to conferences?

    Results (38 votes). Check out past polls.