CGI question: session management mechanisms

BrentDax has asked for the wisdom of the Perl Monks concerning the following question:

I have to write a small, shopping cart-esque CGI application for a web site. It shouldn't get much traffic--fifty hits a day would be a lot. It needs to remember some additional information (a user-provided string associated with each item in the cart), so I probably can't use an over-the-counter solution for the shopping cart itself. What I'm wondering about is the session management.

Because of privacy concerns by many people and size limits, I doubt I'll be able to use cookies. So I'll need a server-side mechanism (probably based on having the session ID in the URL) that's cross-server (which I think eliminates Apache::Session) and doesn't requre a relational database--the best I have access to is DBM. (I can't install MySQL or whatever--it's not my server.) Does such a mechanism exist? If not, do you have any tips on how to go about writing one? (And do you think releasing CGI::Session::DBM or whatever it would end up being to CPAN would be helpful?)

=cut
--Brent Dax
There is no sig.

Comment on CGI question: session management mechanisms

Replies are listed 'Best First'.
Re: CGI question: session management mechanisms by perrin (Chancellor) on Sep 23, 2002 at 16:49 UTC
Just because there is no shopping cart handy that does exactly what you want doesn't mean you should give up and start from scratch. You might find that it takes very minimal work to modify an existing one. Nearly all major sites rely on cookies these days, so I think you may want to reconsider them. Size is not an issue, since the typical way to use cookies is to just store a short unique ID in the cookie and then use that to reference data kept on the server side. Nevertheless, session IDs in URLs work just fine and have been written about before on this site. If by cross-server you mean working across a cluster of server machines (which you really don't need if you're only getting 50 hits a day!), then Apache::Session will work fine. You can use a database or dbm. If a database is truly out, then you have to use files shared on NFS or Samba. The MLDBM::Sync module supports this with proper locking, and Apache::Session does too, although I don't think many people use Apache::Session::DB_File.	[reply]
Re: CGI question: session management mechanisms by swiftone (Curate) on Sep 23, 2002 at 21:00 UTC
I'm not sure I understand your concern about cookies, but Apache::Session supports any method of SessionID storage (URL or Cookie). I'm not sure what you mean by "cross-server", but Apache::Session is a nice piece of flexible code, I'd give it another look see. (it doesn't require mod_perl, for example, nor is it actually related to Apache, despite the name) DBD::SQLite may solve your DB problems, and I'm pretty sure there is a Apache::Session::SQLite	[reply]
Re: CGI question: session management mechanisms by Hero Zzyzzx (Curate) on Sep 23, 2002 at 22:01 UTC
There's always CGI::Session and it's related brethren like CGI::Session::DB_File and CGI::Session::MySQL by Sherzod Ruzmetov, which I'm becoming a bigger fan of as I use them more. . . -Any sufficiently advanced technology is indistinguishable from doubletalk.	[reply]
Re: CGI question: session management mechanisms by sch (Pilgrim) on Sep 23, 2002 at 16:42 UTC
For something simple, I'd look at placing hidden form variables on your page - using the CGI modules would allow these to maintain their values across pages easily.	[reply]
Re: CGI question: session management mechanisms by husoft (Monk) on Sep 23, 2002 at 16:57 UTC
You can also use a Text Database with the information you want, you send the user a cookie with an ID and then open a local file (outside of the web tree) for append with something like: id : p:r:e:f:e:r:e:n:c:e:s Hope this may be helpfull!	[reply]