Hi,

I have developed an ecommerce site using quixote and have recently come
across a few issues with session management.  If anyone can answer these
questions it'd be much appreciated.

First of all, I had been using the built-in session manager as I wasn't
bothered about losing session state when the server was restarted so
assumed a non-persistent manager would be ok.  I'm using SCGI however,
and it seems when a new handler is spawned it results in a new instance
of the session manager and so users who's requests get sent to different
handlers see their cart items dissappearing and things like that.  The
nicest way to solve this would be to make the session manager singleton
but as the different handlers reside in different address spaces this
isn't possible.  How is everyone else handling this?

I implemented a persistent mysql-backed session mapping so that I can
leave the handlers creating new instances but always pass in my custom
session mapping.  This seems to work well, when the new handlers are
spawned the session data is consistent as it's all stored in the
database.  Does anyone see a problem with this way of implementing
things?  There is a database write every time a session is modified
(possibly every time a page is requested) which seems a bit heavy but
that's the only draw-back I can see.

Finally (thanks if you've read this far :-)) I've noticed there doesn't
seem to be any expiring of sessions in quixote although the hooks are
there to do it.  Is this expected to be done by session managers?  I
wasn't too keen on this approach as there doesn't seem to be a good time
to do it.  I only have commit_changes, abort_changes and get_session
hooks in my session manager and I don't want to retire old sessions in
these methods as they will delay the response to the user.  Is there a
hook available that I can safely use to do something potentially
time-consuming like this?  How are other people handling this problem?

Thanks for listening,

Jamie Hillman