jeyroz has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Apache::Session to handle session data and am looking into alternatives to writing a session id cookie. I know that the common alternative is to write the id into the url and pass it between requests but I have heard this can be a tedious task ... which brings me to my question.

I have just begun to read up on Apache's mod_rewrite (used to manipulate url strings) and was wondering if anyone has had success using mod_rewrite to pass a session id through a url.

I appologize if this question is baseless as I am just now learning about the possibilities of the Apache mod.

author => jeyroz

  • Comment on Keeping track of a session id (mod_rewrite?)

Replies are listed 'Best First'.
Re: Keeping track of a session id (mod_rewrite?)
by perrin (Chancellor) on Jun 18, 2005 at 17:26 UTC
Re: Keeping track of a session id (mod_rewrite?)
by jasonk (Parson) on Jun 18, 2005 at 14:53 UTC

    There is an example in the URL Rewriting Guide of setting environment variables based on part of the URL. The example they give is:

    RewriteEngine on RewriteRule ^(.*)/S=([^/]+)/(.*) $1/$3 [E=STATUS:$2]

    This lets a URL like /foo/S=java/bar/ get translated to the path /foo/bar, while setting the environment variable $STATUS to 'java'.

    We're not surrounded, we're in a target-rich environment!
Re: Keeping track of a session id (mod_rewrite?)
by davidrw (Prior) on Jun 18, 2005 at 15:20 UTC
    I could be misunderstanding, but i'm not sure it's possible since mod_rewrite only acts on "inbound" urls... So client logins into your site, thus establishing a session on the server. Now, the client asks for foo.html -- how could mod_rewrite know how to match this new client request (which could be from any client) with a session id on the server side? (no cookie, can't rely on remote IP, no info yet in query string)

    I don't know if there's anything in perl/mod_perl/cgi-world that does the same transparent query string appending of session id that php can do (i hope so and that someone will mention it), but here's another alternative: You could write a filter for your outbound content that finds relative urls and appends the session id to the query string. I've used this method to encrypt query strings, so query strings don't look like ?year=3&type=search&btn=find but instead like s=<somebignumber>. To set this up need the following: