[Catalyst] Session data storage option

[Marcello]

In "solved issues", section Plugin::FastMmap

( http://dev.catalyst.perl.org/wiki/SolvedIssues#si.2 )

we have:

storage => "/tmp/session"

I usually set this parameter to

$c->config->{home} . '/tmp/session'

I would like to discuss the pros and cons of this setting wrt:

* portability:
Windows systems do not have the /tmp directory;
_but_ one could use File::Spec to portably obtain the path of 
system-wide temp directory

* security:
session data is not kept in a "public" place like /tmp
_but_ is this really an issue with proper /tmp and umask settings ?

* stability:
The /tmp directory is a... temporary directory so couldn't it be wiped 
out from time to time (e.g. by a cron job) ?

* easier deployment:
c.config.home/tmp is just another app's subdirectory and it's the same 
in the developement environment and in the production environment

* potential security problem:
if deployed under mod_perl, the apache daemon needs write permissions to 
the app's tmp directory


These are somewhat random thoughts about this issue.
I was going to write them down in the wiki but I thought I'd better 
discuss it on the list before polluting the public site with something 
potentially wrong.


-- 
Marcello Romani
Developer
Spin s.r.l.
Reggio Emilia
http://www.spinsoft.it