http://qs321.pair.com?node_id=318813

Jeppe has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monks,

I have a question. How do I retrieve a list of the active sessions on my web application? I use Apache::Session to manage sessions.

What I wish to achieve is instantaneous changes to a user's access level - instantaneous meaning activated on next page view. So, whenever an administrator alters the access level for a user, the user will not need to log in and out.

Re: Listing active sessions in Apache::Session?
by jdtoronto (Prior) on Jan 05, 2004 at 14:45 UTC
    I don't use Apache::Session, but I do use CGI::Session which is very similar.

    There is no method for retrieving what you want, as others have said. But I have done it using my own code. These remarks assume you are using a serialisation or storage API which you can easily gain access to. In my case I use MySQL. Here is an outline.

    1. Make sure you have the user's id or username saved in the session, NOT IN THE COOKIE!
    2. Write something which will check for orphan sessions, those which have expired but not been deleted, and delete them.
    3. Either:
      • Make sure your code checks the user privileges, which must have been updated somewhere else in the system, each time an access is attempted to a privileged page. or:
      • Store a privileges code in the session (but this should be an unnecessary duplicate of info stored elsewhere).

        In my case I also store a '_IS_LOGGED_IN' flag in the session so on each page access I can check the user's status easily. In essence you want the code to check 'is the user logged in' and 'does he have sufficient privilege for this page' as part of the access to each page.
    These features are certainly some which could be included in a session manager, but it does depend on just HOW you want to use the session manager. As I said earlier, I don't use Apache::Session; in CGI::Session everything you need to implement these additional features is stored in the session record. Such may not be the case in Apache::Session; you will need to check, but the two modules are closely related.

    jdtoronto
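
The per-request check from the outline above, sketched so that an administrator's change applies on the next page view without listing or touching any session. This is an added example, not code from the thread; the in-memory %users and %sessions hashes, the 1800-second idle timeout and the sub names are assumptions standing in for the real session and user tables.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for the real stores (a sessions table and a users table).
my %users    = ( alice => { level => 1 } );    # authoritative access levels
my %sessions = (                               # session id => session record
    'sess-a1' => { user => 'alice', _IS_LOGGED_IN => 1, atime => time },
    'sess-b2' => { user => 'alice', _IS_LOGGED_IN => 1, atime => time - 7200 },
);
my $MAX_IDLE = 1800;    # assumed idle timeout in seconds

# Step 2 of the outline: delete sessions that have expired but were never removed.
sub purge_orphans {
    my ($now) = @_;
    my @dead = grep { $now - $sessions{$_}{atime} > $MAX_IDLE } keys %sessions;
    delete @sessions{@dead};
    return scalar @dead;
}

# Step 3, first option: on every page access, resolve the user from the session
# and read the current level from the authoritative store, never from the session.
sub authorize {
    my ($sid, $required, $now) = @_;
    my $s = $sessions{ $sid // '' } or return (0, 'no such session');
    if ($now - $s->{atime} > $MAX_IDLE) {
        delete $sessions{$sid};
        return (0, 'session expired');
    }
    return (0, 'not logged in') unless $s->{_IS_LOGGED_IN};
    my $u = $users{ $s->{user} } or return (0, 'unknown user');
    return (0, 'insufficient privilege') if $u->{level} < $required;
    $s->{atime} = $now;    # refresh the idle timer only on a successful access
    return (1, 'ok');
}

my $now = time;
printf "purged %d orphan session(s)\n", purge_orphans($now);
printf "before change: %s\n", (authorize('sess-a1', 2, $now))[1];
$users{alice}{level} = 2;    # administrator raises the level; no session is touched
printf "after raise:   %s\n", (authorize('sess-a1', 2, $now))[1];
$users{alice}{level} = 0;    # administrator revokes access
printf "after revoke:  %s\n", (authorize('sess-a1', 2, $now))[1];
```

Because the level is read from the user store on each request, a revocation takes effect on the same session's next page view, which a privilege code cached in the session would not do until the session was rewritten.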

Re: Listing active sessions in Apache::Session?
by PodMaster (Abbot) on Jan 05, 2004 at 11:39 UTC
    You don't. Apache::Session provides no API for that sort of thing (you can see that from the pod). If you really want to do it, you'll have to go sourcediving. Did you check CPAN to see if there is some extension that will let you do this?

    MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
    I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
    ** The third rule of perl club is a statement of fact: pod is sexy.

Re: Listing active sessions in Apache::Session?
by drfrog (Deacon) on Jan 05, 2004 at 14:25 UTC
    Interesting, I can see the need for this too!

    Couldn't you pull the data straight out of the session database table or file and do all the work on that data that way?
      Yep and thanks. I've changed from Apache::Session::File to Apache::Session::MySQL, and now I can run something like this:
      #!/usr/bin/perl
      use strict;
      use warnings;
      use DBI;
      use Apache::Session::MySQL;
      use Data::Dumper;

      my $db_user = 'root';
      my $db_pass = '';

      # Read every session id straight from the session table.
      my $dbh = DBI->connect('DBI:mysql:sessions', $db_user, $db_pass)
          or die $DBI::errstr;
      my $sth = $dbh->prepare('select id from sessions');
      $sth->execute();

      while (my $arrayref = $sth->fetchrow_arrayref) {
          my $id = $arrayref->[0];

          # Tie to the existing session so Apache::Session deserialises it.
          my %hash;
          tie %hash, 'Apache::Session::MySQL', $id, {
              DataSource     => 'dbi:mysql:sessions',
              UserName       => $db_user,
              Password       => $db_pass,
              LockDataSource => 'dbi:mysql:sessions',
              LockUserName   => $db_user,
              LockPassword   => $db_pass
          };

          # Dump the whole session; its data is keyed by field name, not by id.
          print Dumper(\%hash);
          untie %hash;
      }
      $sth->finish();
      This is a good step in the right direction, so I think I'm good from here. It's unfortunate that I need to hack in this ungraceful way, though.