[Catalyst-dev] [RFC] Catalyst::Plugin::Session

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Tue Oct 17 23:37:22 CEST 2006







catalyst-dev-bounces at lists.rawmode.org wrote on 10/17/2006 04:26:33 PM:

> A while ago there was a dev vote on C::P::Session to turn on IP
> address verification by default. If a session's IP address does not
> match what was previously recorded, the session is deleted. This is
> the default in C::P::Session v0.13.
>
> Since then there has been some dicussion that it would be better if
> IP address verification was off by default. This is due to (a) many
> situations where an IP address may change, AOL users, dynamic IPs,
> Internet cafes, etc. and (b) users and devs get confused when the
> sessions are deleted. This has come up on the #catalyst IRC channel
> a few times. Because there are consequences for turning on IP
> address verification, it seems more user friendly to require a dev
> turn it on explicitly where the person probably understands the
> consequences rather than having it turned on by default and sessions
> "mysteriously" disappearing.
>
> What do people think? Should we reset the C::P::Session to turn IP
> address verification off by default?
>

I vote off by default -- it is only useful in circumstances where you have
control over the complete environment and those tend to be limited.

Wade




More information about the Catalyst-dev mailing list