[Catalyst] C::P::Authentication IE Problem - Time Issue

Peter Edwards peter at dragonstaff.com
Tue Aug 28 00:44:01 GMT 2007

>I was experiencing a weird annoyance with C::P::Authentication today.  I 
>saw reports of similar symptoms in the list, but nobody with my 
>particular solution.  In Firefox everything was working fine, but in all 
>the IE browsers auth cookies weren't being stored.  Eventually I grabbed 
>a HTTP Session inspector to see how the cookies were being set.  The 
>expire time on the cookies was sent as GMT several hours in the past.  

What I've done before is send the server time as part of the login screen
and use some Javascript to warn if the server time is more than a set time
away from the client PC time. Sometimes it's server time drift, sometimes
client PC time drift. It's annoying that IE simply drops a historic cookie
without warning and then you think the user is typing the password wrong.

>As a side note, is there a way to control the session length of the 
>authentication cookie?
In your conf set: cookie_expires 
You can set session expiry with conf: expires
You also need to extend an expiring cookie by calling session_expires()
somewhere (e.g. in auto :Private in your main controller) to resend it
otherwise by default it times out after 2 hours.

Regards, Peter

More information about the Catalyst mailing list