[Masonmail-developers] sessions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I've been playing with different options and settings locally here while 
trying to figure out the best ground work to start with.  I believe it's 
important to have a sound foundation before we try to build a house.

I'm a little leary about using Apache::Sessions::

There's a lot of questions that come up with a session management 
process which stores only the username/password and yet, doesn't expire 
itself off the system.

Since this is not a data element that we would want or require long term 
storage of, it's adding a level of maintenance to the administration of 
the application that I would hope to avoid.  Perhaps not a large one, 
but a level of administration just the same.

The Paranoid would complain about storing username/passwords on the 
disk, but if you can see the disk, you've already gotten access more 
than is intended.  But it may be a point.

If there was a lot of user-specific customization there might be a case 
for migrating data storage off a file based system to something else, 
which Apache::Session more readily supports.  But I don't know that 
there is much of that in this application.  Currently a language 
preference might be the only one I can think of, and that could be 
readily managed by a client cookie.

Personally, I would tend towards self maintenance, simple installation, 
and simple administration as much as possible.  KISS.  I would like to 
think this can compete in the same user-space as the likes of 
squirrelmail.  Simple to configure, simple to install.  But Mason, even 
mod_perl, can easily blow the socks off PHP.  It's just that no one has 
yet delivered a really decent product.

I would like to show the world what Mason can do.  But the world does 
not consist of brain surgeons and rocket scientists.