[Catalyst-commits] r9671 - in trunk/Catalyst-Plugin-Authentication: . lib/Catalyst/Plugin

t0m at dev.catalyst.perl.org t0m at dev.catalyst.perl.org
Thu Apr 9 21:38:42 GMT 2009 

Author: t0m
Date: 2009-04-09 22:38:42 +0100 (Thu, 09 Apr 2009)
New Revision: 9671

Modified:
   trunk/Catalyst-Plugin-Authentication/Changes
   trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Plugin/Authentication.pm
Log:
Add doc notes

Modified: trunk/Catalyst-Plugin-Authentication/Changes
===================================================================
--- trunk/Catalyst-Plugin-Authentication/Changes	2009-04-08 22:49:15 UTC (rev 9670)
+++ trunk/Catalyst-Plugin-Authentication/Changes	2009-04-09 21:38:42 UTC (rev 9671)
@@ -1,5 +1,7 @@
 Revision history for Perl extension Catalyst::Plugin::Authentication
 
+      - Note about session auto-vification even when use_session is set
+        to false (robert).
       - Note about how a realms key used to be needed to unconfuse people
         running an old version, but browsing the docs on search.cpan (ruoso)
 

Modified: trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Plugin/Authentication.pm
===================================================================
--- trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Plugin/Authentication.pm	2009-04-08 22:49:15 UTC (rev 9670)
+++ trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Plugin/Authentication.pm	2009-04-09 21:38:42 UTC (rev 9671)
@@ -807,9 +807,15 @@
 =item use_session
 
 Whether or not to store the user's logged in state in the session, if the
-application is also using L<Catalyst::Plugin::Session>. This 
+application is also using L<Catalyst::Plugin::Session>. This
 value is set to true per default.
 
+However, even if use_session is disabled, if any code touches $c->session, a session
+object will be auto-vivified and session Cookies will be sent in the headers. To
+prevent accidental session creation, check if a session already exists with
+if ($c->sessionid) { ... }. If the session doesn't exist, then don't place
+anything in the session to prevent an unecessary session from being created.
+
 =item default_realm
 
 This defines which realm should be used as when no realm is provided to methods

More information about the Catalyst-commits mailing list