[Catalyst] Session ID Strategies
Yuval Kogman
nothingmuch at woobling.org
Sat Jan 14 19:45:11 CET 2006
On Fri, Jan 13, 2006 at 12:55:50 +0900, islue wrote:
> I tried to modify C::P::S::State::URI and rewrited finalize() and
> session_should_rewrite_uri().
> I think it is more meaningful for session rewriting of URI now.
> Any comment or suggestion?
Sorry for taking so long to deal with this, I just had a pretty busy
weekend.
Anyway, my verdict:
* I think that parsing with an HTML parser is a Good Thing
* only if the content_type is text/html (i forgot if we check
that)
* Your should_rewrite_uri is a little too eager, I think - it
should still work for absolute URIs, since I expect most URIs
to be generated with $c->uri_for nowadays (or just uri_for()
with Catalyst::View::TT::FunctionGenerator, </spam>),
also it checks for path-absolute URIs starting with /, which
is not good - they should be checked for $c->req->base->path
instead (the application might be on the same host as
something else, and we don't want to confuse these).
If you'd like to discuss this further please meet up on IRC.
Ciao, and thanks!
--
() Yuval Kogman <nothingmuch at woobling.org> 0xEBD27418 perl hacker &
/\ kung foo master: /methinks long and hard, and runs away: neeyah!!!
More information about the Catalyst
mailing list