[Catalyst] Session ID Strategies
Bill Moseley
moseley at hank.org
Thu Oct 13 23:42:31 CEST 2005
On Thu, Oct 13, 2005 at 02:49:29PM -0500, Cory Watson wrote:
> Perhaps I've not spent enough time looking, but I'm having a hard
> time finding how to properly throw a session id around. I've found
> the uri() method for cooking a URI to include the session id, but I
> don't see an easy way to get this into all my templates. I suppose I
> could write some type of macro that returned a URI...
You don't want to use cookies?
Catalyst::Plugin::Session::FastMmap handles most things -- it will
add the session id to the URL if you ask it to, IIRC. And rewrite
urls in your document. Just use $req->base to make your links and it
will include the session.
I don't think the module does cookie detection, though. Might be nice
to automatically turn on URL sessions if cookies are not available.
I do have a question about the module, though. I'm using it with
Catalyst::Plugin::Authentication::CDBI. An "expire" is set time on
the cookie (and on the FastMmap cache). I'm wondering if the cookie
should not have an expire so it will go away when the client exits.
Some people expect a logout if they close their browser.
Then use a separate cookie to store userid to remember the user (but
require a re-login if needed).
Curious how others do all this.
I'm also setting a time they actually logged in, and even not allowing
some actions after some period of time without retyping their
password.
--
Bill Moseley
moseley at hank.org
More information about the Catalyst
mailing list