[Catalyst-dev] Implementing a 'remember me on this computer'
button
Edmund von der Burg
evdb at ecclestoad.co.uk
Tue Apr 5 13:59:50 GMT 2011
On 5 April 2011 07:59, Boris G. Kolesnikov <kolesnikov.boris at gmail.com> wrote:
> http://search.cpan.org/~bobtfish/Catalyst-Plugin-Session-0.31/lib/Catalyst/Plugin/Session.pm#METHODS
>
> session_expire_key $key, $ttl
> Mark a key to expire at a certain time (only useful when shorter than
> the expiry time for the whole session).
>
> For example:
>
> __PACKAGE__->config('Plugin::Session' => { expires => 10000000000
> }); # "forever"
> (NB If this number is too large, Y2K38 breakage could result.)
>
> # later
>
> $c->session_expire_key( __user => 3600 );
>
> This is what you do in your code, in configuration you put it as long
> as possible, here you mark the shorted ttl value :)
Yeah - I thought you may have meant that. Except that doing that won't
change the cookie so that it gets deleted when the users quits the
browser. Anyone coming along within an hour of the last request on
that computer could start the browser and resume the session.
This is a problem that needs to be fixed on the cookie. A short TTL in
the session store is also a good idea but not sufficient.
I note I've probably posted this question to the wrong list. I'll
repost a clearer version on the general Catalyst list to get wider
opinions.
Cheers,
Edmund.
> 2011/4/4 Edmund von der Burg <evdb at ecclestoad.co.uk>:
>> On 4 April 2011 13:07, Boris G. Kolesnikov <kolesnikov.boris at gmail.com> wrote:
>>> Look up Catalyst::Plugin::Session - there's a method in there which is
>>> called in runtime.
>>
>> Please treat me as very stupid and point me at the method - I don't
>> seem to be able to work out which one you mean.
>>
>> Cheers,
>> Edmund.
>>
>>
>>> 2011/4/4 Edmund von der Burg <evdb at ecclestoad.co.uk>:
>>>> I want my sessions either to be long-lived (several months) or, at the
>>>> user's discretion, only last for the current browser session.
>>>> Achieving either of these is quite easy, but doing both in one app
>>>> appears a little trickier.
>>>>
>>>> Am I missing something obvious?
>>>>
>>>> It seems to me that the easiest way to implement this might be to add
>>>> a flag that can be saved to the session - 'browser_session_only' or
>>>> similar. This would then be checked by the
>>>> C::P::Session::State::Cookie code (for the individual session) and the
>>>> correct cookie expiry time set. Happy to provide patches/tests if this
>>>> is the way to go.
>>>>
>>>> Or is there a better way?
>>>>
>>>> Cheers,
>>>> Edmund.
>>>>
>>>> --
>>>> Edmund von der Burg - evdb at ecclestoad.co.uk
>>>> mob: +44 7903 420 689
>>>> web: http://www.ecclestoad.co.uk/
>>>>
>>>> _______________________________________________
>>>> Catalyst-dev mailing list
>>>> Catalyst-dev at lists.scsys.co.uk
>>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
>>>>
>>>
>>> _______________________________________________
>>> Catalyst-dev mailing list
>>> Catalyst-dev at lists.scsys.co.uk
>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
>>>
>>
>>
>>
>> --
>> Edmund von der Burg - evdb at ecclestoad.co.uk
>> mob: +44 7903 420 689
>> web: http://www.ecclestoad.co.uk/
>>
>
--
Edmund von der Burg - evdb at ecclestoad.co.uk
mob: +44 7903 420 689
web: http://www.ecclestoad.co.uk/
More information about the Catalyst-dev
mailing list