Mailing lists
The README.bySession file that accompanies this distribution.
The bySession function was contributed to mod_backhand by
Martin Domig <>  

bySession does the following:

Search one (and only one) Cookie-header sent by the client,
search for the string "PHPSESSID=" or another identifier and
extract the encoded host address from this string. If no
matching cookie is found, then the URI arguments are searched.
The decoded host IP adress is compared to all server adresses,
the first matching server is returned.  Note that if you have
multiple interface cards in your seb server, the server
IP address has to match those reported by mod_backhand, so
check the backhand-handler (/backhand/) page to see which
IP it is using.

The IP address octets are stored hex encoded.  For example:
would decode to IP: (7f=127, 00=0, 01=1)

A few (or more) words about debugging:

There is an ap_log_error statement that will notify you that
no valid session data was presented by the client.  This
can be abusive on systems with high traffic.  So, the line is
commented out by default.

If you uncomment this debugging statement, then the first
request of a session will throw an error in apaches errorlogs:
"bySession: could not find session_id". That is OK, it
just says that this is the first request of a session that does
not have a php_session_id set yet.

If that happens EVERY request (not just the first one) then
bad things are happening, most likely the client (customers
browser) sent back more than one Cookie - header (that is not
handled yet). This is possible if your site is using cookies for
the session_id and another cookie for other variables. A quick
test using mozilla M18 showed that at least this web browser
stuffs all cookie information into one header, I am assuming here
that other clients do as well.

If not and that happens to you, debug the code and make it public ;o)

Server side code augmentation

Note that this only works if the PHP part of the site is
programmed correctly, the host address is not encoded into the
session_id by default. Use the code from my test script I was using
while developing/debugging:

$sid = session_id();
if(strlen($sid) == 32) { /* This should be the default length */
        $arr = split("\.", $HTTP_SERVER_VARS["SERVER_ADDR"]);
        $encstr = "";
        while(list($i, $number) = each($arr)) {
                $hex = dechex($number);
                if(strlen($hex) < 2) $hex = "0".$hex;
                $encstr .= $hex;
        session_id($encstr . $sid);

print("count: $count - this session_id: " . session_id() . "<br>\n");

This makes sure the server_addr gets hex_encoded into the
php session_id. Note that the default lenght of 32 chars for
the php session_id could be dependand of the host architecture
(this was tested on an i686, serverstring =
"Apache/1.3.9 (Unix) Debian/GNU balanced_by_mod_backhand/1.1.0
PHP/4.0.3pl1"). The phpinfo() call is very useful to see which
variables are set and which headers have been transferred from
the client.
Something funny: My script increases a session variable $count
each time the client accesses the script. The first time it is
called the variable is increased 3 or 4 times, no idea why.
Did not notice any other funny stuff.

The perl code for this is very similar and left as an excercise
to the reader.

Apache server configuration:

<Directory "/path/to/your/stuff">
        <IfModule mod_backhand.c>
                Backhand byAge
                Backhand byLoad
                Backhand bySession

Please make sure that the byAge handler gets called before the
bySession handler; bySession does not check if the server
really is alive. And make sure that bySession gets called last.
The rest look up in the mod_backhand documentation.


* Test it :o)

Copyright © 1999 Theo Schlossnagle. All rights reserved.