New in HTTP Server 2.4: Session support with mod_session

Sessions are a standard feature of web application servers; however, the interoperability of sessions between different web application servers is generally limited. This talk introduces the mod_session collection of modules in httpd v2.4, which attempts to create a unified session for httpd and web application servers. It is aimed at people interested in practical single sign-on, as well as people trying to bring sanity to mixed-architecture environments. We will start by introducing some of the history behind mod_session, why it was developed, and what problems mod_session is trying to solve. We will then introduce what a session is within mod_session, and cover some of the ways in which a session might be created and where a session might be stored. We will then move on to the options available for securing sessions using encryption, and for handling sessions in highly loaded or distributed environments. The focus will then shift to web applications and web application servers, and how they might read from and write to a session without having to care how the session is implemented or configured. We will then show how sessions might be used in practice, with examples in secure and in highly loaded environments. The talk will conclude by looking at some of the future development planned for mod_session, and how people can get involved in further development before httpd v2.4 is finally released.