Which Session module?

Polonius has asked for the wisdom of the Perl Monks concerning the following question:

In response to Compressing data structures for cookies, several people have recommended CGI::Session for managing sessions. The CGI::Session POD itself suggests that users consider Apache::Session as an alternative. Does anyone have any views on the relative merits of the two?

Here are a few points I have gleaned from the documentation:

Apache::Session (as the name perhaps implies) is designed to work with Apache and mod_perl, but there's no reason why it shouldn't work with CGI. I'm not clear on whether CGI::Session is compatible with Apache/mod_perl.
CGI::Session has lots of methods to allow storage and recovery of data; Apache::Session simply ties a hash to the data store, and it all happens behind the scenes. Hence Apache::Session seems easier to use (though perhaps less efficient?), while CGI::Session gives the user more control.
CGI::Session has lots more documentation (but needs it, because of all those methods).

Does anyone have any advice on when it's best to use CGI::Session and when Apache::Session?

Polonius

Comment on Which Session module? Download Code

Replies are listed 'Best First'.
Re: Which Session module? by perrin (Chancellor) on May 09, 2007 at 13:39 UTC
Use CGI::Session. It is more actively maintained, has better docs, and is easier to use than Apache::Session. Apache::Session often makes trouble for people when they make a mistake with scoping and the changes don't get saved.	[reply]
Re^2: Which Session module? by Polonius (Friar) on May 09, 2007 at 20:26 UTC
Thanks for the tip. I guess that's the trouble with the `tie` magic: when it works, it isn't obvious how, but when it fails, it isn't obvious why. Polonius	[reply] [d/l]
Re: Which Session module? by naikonta (Curate) on May 09, 2007 at 10:38 UTC
I used to use Apache::Session (AS), but I'm about to migrate to CGI::Session (CS). Despite the name, AS does work under vanilla CGI (I didn't do much mod_perl). The convenient in using AS is lying on the tie interface. You work on the session data as usual with ordinarny hash. But, this is the tie interface that brings the cons for me since I have to worry about extra variable. Another cons is that I had to explicitly say relevant driver for the storage. `use Apache::Session::MySQL; my %session; tie %session, 'Apache::Session::MySQL';` [download] I haven't used CS, but the docs look promising. So I can't actually give real experience here. I can imagine that I can use my conf structure to fill in the dsn option. I prefer the method call interface provided by CS. I still hope that CS will take an active dbh as alternative to dsn. Another downside for CS is that its constructor is too way polymorphic (if this term is correct). While I have no problem with this, but it can confuses newbie. Open source softwares? Share and enjoy. Make profit from them if you can. Yet, share and enjoy!	[reply] [d/l]
Re: Which Session module? by scorpio17 (Canon) on May 09, 2007 at 13:30 UTC
Apache::Session works under plain CGI, and CGI::Session works under mod_perl, but I've never compared benchmarks for the two. My hunch is that using CGI::Session requires more memory (it requires CGI.pm, which is big), so if you're resources are tight and all you need is a basic session without all the other stuff in CGI.pm, then Apache::Session under mod_perl might be the way to go.	[reply]
Re^2: Which Session module? by naikonta (Curate) on May 09, 2007 at 14:40 UTC
Both can be used under mod_perl and vanilla CGI. CGI is the default, doesn't mean it's required for CGI::Session to work. You can replace it via `$query` option with any CGI-compatible package of your fave. Open source softwares? Share and enjoy. Make profit from them if you can. Yet, share and enjoy!	[reply] [d/l]
Re^2: Which Session module? by perrin (Chancellor) on May 09, 2007 at 13:35 UTC
What makes you think CGI::Session requires CGI? It doesn't look like it does to me.	[reply]


go ahead... be a heretic
	PerlMonks