[cgiapp] Announce: Data::Session - A re-write of CGI::Session

Ron Savage ron at savage.net.au
Sun Dec 5 14:33:24 EST 2010 

Hi

On Sun, 2010-12-05 at 15:53 +0000, Larig Tech wrote:
> Hi Ron,
> Given the cost to the coder of switching to a different sessions
> implementation,
> and the cost to the community of having a separate sessions package, is
> there
> any discourse on the benefits of adopting Data::Session?  At the moment
> you've
> left me only seeing costs.

I'm not ordering anyone to switch. Everyone can freely choose to stay with CGI::Session or move.

> After some digging I found "See
> Data::Session::CGISession<http://search.cpan.org/~rsavage/Data-Session-1.01/lib/Data/Session/CGISession.pm>for
> an extended
> discussion of the design changes between
> Data::Session<http://search.cpan.org/~rsavage/Data-Session-1.01/lib/Data/Session.pm>and
> CGI::Session <http://search.cpan.org/perldoc?CGI%3A%3ASession>."
> But again, that just reinforces the costs and none of the benefits; there
> must
> be some or you wouldn't have gone to all that effort.  If it's a redesign
> then I'd
> expect some examples illustrating what I can do with your package that I
> can't do with the two market leaders.

Data::Session is not designed to provide bells and whistles unavailable
with CGI::Session. It's designed with 2 things in mind:

o To provide an almost identical interface, to minimise transition costs

o To be supported

Have you missed the recent traffic on this subject? At the risk of
repeating myself, I'll include here the body of an off-list reply I
typed up minutes ago:

###################################################################
It's been born of several years frustration....

o I write almost all the patches for CGI::Session

o And have done for several years (since 2006)

o The original author Sherzod Ruzmetov has dropped out of the Perl scene

o The current maintainer is Mark Stosberg

o He refuses to let me be co-maintainer of the module

o Meaning I can't release patches

o The last release by him is V 4.42 in August 2009 (sic)

o Since then I've made many patches [1] (up to V 4.45), but these are
locked up in the repository:

http://github.com/cromedome/cgi-session/tree/master

o Off-list msgs to me have revealed deep disquiet and frustration over
Mark's handling of a number of projects, including CGI::Session

o I have plenty of time available to re-do the code

o Both modules are Open Source...

[1] Here are those patches:

4.45 - Thursday, February 4, 2010
* FIX: Make tests use 't/', or a temp dir, for temp files, not '.'.
* NEW: RT#51191. Update store() in CGI::Session::Driver::DBI,
CGI::Session::Driver::db_file,
	CGI::Session::Driver::file, CGI::Session::Driver::mysql and
CGI::Session::Driver::postgresql
	to accept a 4th parameter, $etime.
	Patch CGI::Session to pass this parameter to the storage mechanism
called within flush().
	Note: The code shipped in this module does not yet make any use of this
parameter.
	Thanx to Pavel V. Rochnyack.
* NEW: Call query->can('cookie') before trying to call query->cookie().
	This means the query object does not have to have a cookie() method.
	Add corresponding test t/cookie.free.t.
* NEW: Add {query_class => 'Some::Class'} to the \%session_params in the
calls to new() and load().
	This determines what class other than CGI is 'require'd in the query()
method.
	The default ('CGI') is to 'require' CGI, as always.
* FIX: Fix a bug in parameter validation in load(). This required a
corresponding patch to t/load.t.
* FIX: Rewrite the part of the POD which discusses UTF8.
* FIX: RT#51192. In load(), check the existence of SESSION_EXPIRE_LIST
before building
	the list of expired paramters. Thanx to Pavel V. Rochnyack.
* INTERNAL: Add _set_value(), to avoid setting the modified
	flag when a value being stored into the object is the same as the
current value.
	Note: All objects loaded via a call to load() - either from within the
object or by the user -
	have their access time set, and hence have the modified flag set. This
in turn means all such
	object are written to disk by flush(). This default behaviour has not
changed.
* INTERNAL: Re-write the DESTROY() method, and its docs.
* INTERNAL: Re-write the the query() method, and its docs.
* INTERNAL: Re-write the the name() method slightly, and its docs.
* INTERNAL: Fix: RT#50232. Add these files: MANIFEST, META.yml,
MYMETA.yml. Thanx to Lawrence L. Gilbert.
* INTERNAL: Re-work docs (just for CGI::Session) to fix many broken POD
links.
* INTERNAL: Patch t/session_param_undef.t to use a temporary directory.
* INTERNAL: Patch t/bug24285.t and t/flush.t to delete their working
directory.
* INTERNAL: Patch t/g4_sqlite_storable.t and t/g4_storable.t to use a
temporary directory.

4.44 - Tuesday, September 8, 2009
* Note: Not uploaded to CPAN.
* Add sub _report_status() to display the status flags within the
object. Used for debugging.
* Change the parameters to load() so that the 4th parameter is always a
hashref (or undef). In the past
       it could be a scalar, but this scalar was undocumented.
* Add a note under load() to explain the previously undocumented 4th
parameter to load(), which
       was a scalar only used internally. Explain that now the 4th
parameter to load() must be a hashref (or undef).
* Add a note under load() about usage of the global variable
$CGI::Session::IP_MATCH, and how it can be
       set with    use CGI::Session qw/ip_match/.    This was previously
only documented in the POD
       for CGI::Session::Tutorial.
* FIX: RT#47795. Fix load() whereby find() can now call load() when
$CGI::Session::IP_MATCH is set, and
       sessions are not deleted just because their IP addresses do not
match the client.
* Add t/find_ip_matches.t to demonstrate the new behaviour when find()
calls load(). The new behaviour
       is that calling find(), which calls load(), with
$CGI::Session::IP_MATCH set to 1, does not
       delete the sessions whose IP addresses do not match the client's
IP address.

4.43 - Monday, August 31, 2009
* Note: Not uploaded to CPAN.
* FIX: RT#48733. Avoid calling sprintf() in CGI::Session::ErrorHandler,
       to solve taint error for Perl V 5.10.0. All well-written code
will have
       been using errstr() to retrieve errors anyway, so this change
will not
       affect any code which obeys the API. (Peter Kaminsk, Ron Savage,
Mark Stosberg)
* FIX: CGI::Session::Serialize::freezethaw: Change the VERSION line
syntax to match the other modules.
* FIX: CGI::Session::Driver::db_file: Ditto.
* FIX: CGI::Session::Test::Default (Embedded packages): Ditto.
* FIX: Make the version number the same in all modules.
* FIX: POD to refer to new (git) repository
* FIX: Update Changelog.ini
###################################################################

> Why on earth the horrendous naming irregularities?  In that document you
> show that CGI::Session has perfect regularity when naming storage driver
> classes (all lowercase) whereas Data::Session has gone for the completely
> arbitrary:
> * ODBC - all caps
> * mysql - all lowercase
> * Oracle - Pascal case
> * SQLite - erm, random case
> That should be a big flashing warning signal that the people naming those
> classes weren't talking to each other.

You're right of course.

I was strongly tempted to rectify that problem when I made so many other
internal changes.

It's not easy deciding which convention to support, and in the end (as I
said - sortof - in the docs) I've gone with the Principle of Least
Surprise.

People coming from DBD::Pg and DBD::mysql shouldn't have that confusion
in the first place. I decided it was be-kind-to-beginners-month :-).

-- 
Ron Savage
http://savage.net.au/
Ph: 0421 920 622

More information about the cgiapp mailing list