[Catalyst-dev] [RFC] Catalyst::Plugin::Session

Gavin Henry ghenry at perl.me.uk
Wed Oct 18 09:09:37 CEST 2006


<quote who="John Wang">
> A while ago there was a dev vote on C::P::Session to turn on IP address
> verification by default. If a session's IP address does not match what was
> previously recorded, the session is deleted. This is the default in
> C::P::Session v0.13.
>
> Since then there has been some dicussion that it would be better if IP
> address verification was off by default. This is due to (a) many
> situations
> where an IP address may change, AOL users, dynamic IPs, Internet cafes,
> etc.
> and (b) users and devs get confused when the sessions are deleted. This
> has
> come up on the #catalyst IRC channel a few times. Because there are
> consequences for turning on IP address verification, it seems more user
> friendly to require a dev turn it on explicitly where the person probably
> understands the consequences rather than having it turned on by default
> and
> sessions "mysteriously" disappearing.
>
> What do people think? Should we reset the C::P::Session to turn IP address
> verification off by default?

I agree. Off by default.

Gavin.

>
> --
> John Wang
> http://www.dev411.com/blog/
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst-dev
>




More information about the Catalyst-dev mailing list