[plt-scheme] session info in web server applications

From: Dave Gurnell (d.j.gurnell at gmail.com)
Date: Sat Nov 7 14:00:39 EST 2009

Hi all,

I've extracted the cookie/session parts of our code and put them here  
for comment:


There's no documentation but the code is really short and there's  
tests in there to show how it works. The README gives a brief overview  
and lists some outstanding issues. Feel free to take a peek, pull it  
apart, and post your concerns here.

The key issue I'm aware of is that the session data is stored in a  
global hash table with no memory management. Over time, the table will  
grow and grow until the server runs out of memory. At Untyped we use  
sessions exclusively to store usernames. These are so small we've  
never had a problem so I've never been motivated to come up with a  
better solution.

I spoke to Jay about this and he recommended an alternative approach  
using md5-stuffers to write the session information out to disk. I'll  
implement that when I get a chance, and I'll take contributions by  
email if anyone else fancies jumping in.

I'm not sure about thread safety but we've never had any problems.

Also, this is an adaptation of code from other Untyped libraries, and  
I've tweaked some things without adding 100% test coverage. Please  
don't treat this as reliable code to be deployed in production!


-- Dave

Posted on the users mailing list.