[Catalyst-dev] [RFC] Catalyst::Plugin::Session

John Wang johncwang at gmail.com
Tue Oct 17 23:26:33 CEST 2006


A while ago there was a dev vote on C::P::Session to turn on IP address
verification by default. If a session's IP address does not match what was
previously recorded, the session is deleted. This is the default in
C::P::Session v0.13.

Since then there has been some dicussion that it would be better if IP
address verification was off by default. This is due to (a) many situations
where an IP address may change, AOL users, dynamic IPs, Internet cafes, etc.
and (b) users and devs get confused when the sessions are deleted. This has
come up on the #catalyst IRC channel a few times. Because there are
consequences for turning on IP address verification, it seems more user
friendly to require a dev turn it on explicitly where the person probably
understands the consequences rather than having it turned on by default and
sessions "mysteriously" disappearing.

What do people think? Should we reset the C::P::Session to turn IP address
verification off by default?

-- 
John Wang
http://www.dev411.com/blog/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.rawmode.org/pipermail/catalyst-dev/attachments/20061017/c73923e1/attachment.htm 


More information about the Catalyst-dev mailing list