I don't use Apache::Session, but I do use CGI::Session which is very similar.
There is no method for retrieving what you want, as others have said. But I have done it using my own code. THese remarks assume you are using a serialisation or storage API which you can easily gain access to. In my case I use MySQL. Here is an outline.
- Make sure you have the users id or username saved in the session, NOT IN THE COOKIE!.
- Write something which will check for orphan sessions, those which have expired but not deleted, and delete them.
- Either:
- Make sure your code checks the user privileges, which must have been updated somewhere else in the system, each time an access is attempted to a privileged page. or:
- Store a privileges code in the session (but this should be an unecessary duplicate of info stored elsewhere).
In my case I also store a '_IS_LOGGED_IN' flag in the session so on each page access I can check users status easily. In essence you want the code to check 'is the user logged in' and 'does he have sufficient privilege for this page' as part of the access to each page.
These features are certainly some which could be included in a session manager, but it does depend on just HOW you want to use the session manager. As I said earlier, I don't use Apache::Session, in CGI::Session everything you need to implement these additional features is stored in the session record. Such may not be the case in Apache::Session, you will need to check, but the two modules are closely related.
jdtoronto
