[Catalyst] Session ID Strategies

Yuval Kogman nothingmuch at woobling.org
Sat Jan 14 19:45:11 CET 2006

On Fri, Jan 13, 2006 at 12:55:50 +0900, islue wrote:
> I tried to modify C::P::S::State::URI and rewrited finalize() and
> session_should_rewrite_uri().
> I think it is more meaningful for session rewriting of URI now.
> Any comment or suggestion?

Sorry for taking so long to deal with this, I just had a pretty busy

Anyway, my verdict:

	* I think that parsing with an HTML parser is a Good Thing
	* only if the content_type is text/html (i forgot if we check
	* Your should_rewrite_uri is a little too eager, I think - it
	  should still work for absolute URIs, since I expect most URIs
	  to be generated with $c->uri_for nowadays (or just uri_for()
	  with Catalyst::View::TT::FunctionGenerator, </spam>),
	  also it checks for path-absolute URIs starting with /, which
	  is not good - they should be checked for $c->req->base->path
	  instead (the application might be on the same host as
	  something else, and we don't want to confuse these).

If you'd like to discuss this further please meet up on IRC.

Ciao, and thanks!

 ()  Yuval Kogman <nothingmuch at woobling.org> 0xEBD27418  perl hacker &
 /\  kung foo master: /methinks long and hard, and runs away: neeyah!!!

More information about the Catalyst mailing list