[Catalyst] Limiting flash to a specific request

Dave Rolsky autarch at urth.org
Fri Oct 12 18:42:10 GMT 2007

On Fri, 12 Oct 2007, Bill Moseley wrote:

> Perhaps this is wandering back into the "sub-sessions" and continuations
> discussions, but I'm curious if anyone is using some method such as an
> additional query parameter to make sure that the data in the flash
> is going to the correct browser window.
> Perhaps something like:
>    $c->stash->{message} = 'Record Updated';
>    $c->persist_stash( qw/ message first_name other_stash_thing / );
>    $c->res->redirect( $c->uri_for( 'list' ) );
> And then in some finalize action place the stash items listed in the
> session based on some unique request ID and alter $c->res->redirect to
> include the request ID.
>    Location:  http://localhost:3000/foo/list?rid=abcde
> Then early in the request watch for the request id and when found
> initialize the stash with the saved items in the session.
> Is anyone doing something like this currently?  If so, I'm curious
> about the implementation.

I'm doing something very similar, except I just use the session itself, and 
it's my _only_ use of sessions.

In my case, I just put the session id in the URI. Sessions never contain 
sensitive info, and they expire after 5 minutes, so I'm not too worried 
about the security issue.

> - How do you decide when an item stored this way is stale?
>  My initial implementation looks for and removes "old" items
>  when adding new items into the persistent stash.

Because my sessions expire quickly, this isn't an issue. If the session is 
expired, I just redirect the client to the same URI without the session 

> - What do you do if a request comes in with a "request id"
>  that is not found in the session?  (Similar problem to
>  a continuation request with an invalid continuation id.)

See above.

The main reason I did things the way I did was to aim for a RESTful 
interface. My URIs always represent something specific ("login form" or 
"login form plus session X") and repeatable.

For other things I might've previously stuck in a session (like searches, 
paging, etc) I just stick it in the URI, again to be RESTful. This also 
has the bonus that users will be able to bookmark searches and such 
easily, which is nice.

I'm planning to write up how I did this and post it on my use Perl journal 
at some point. It's nothing revolutionary, but it might be of interest to 


VegGuide.Org                        www.BookIRead.com
Your guide to all that's veg.       My book blog
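
The request-id scheme sketched in the quoted question, as an added example (not code from either poster or from Catalyst): plain Perl in which %session is a constructed stand-in for the server-side session, and new_rid, restore_stash and the 300-second TTL are assumptions. The rid only indexes into the caller's own session, so the URL carries no session credential.

```perl
use strict;
use warnings;

# Constructed stand-in for the per-user session hash (what $c->session would
# hold); in the proposal this lives server-side behind the session cookie.
my %session;
my $TTL = 300;    # seconds before a saved stash is stale (assumed value)

# Unguessable request id from the OS CSPRNG (assumes a Unix-like /dev/urandom).
sub new_rid {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read( $fh, my $buf, 16 ) == 16 or die "short read";
    return unpack 'H*', $buf;
}

# Hypothetical persist_stash: prune stale entries, then copy only the named
# stash keys into the session under a fresh rid and return that rid.
sub persist_stash {
    my ( $session, $stash, $now, @keys ) = @_;
    my $saved = $session->{persisted} ||= {};
    for my $old ( keys %$saved ) {
        delete $saved->{$old} if $now - $saved->{$old}{at} > $TTL;
    }
    my $rid  = new_rid();
    my %keep = map { ( $_ => $stash->{$_} ) } grep { exists $stash->{$_} } @keys;
    $saved->{$rid} = { at => $now, data => \%keep };
    return $rid;
}

# Hypothetical restore step run early in the next request: the rid is
# single-use, and an unknown, malformed or expired rid restores nothing.
sub restore_stash {
    my ( $session, $rid, $now ) = @_;
    return {} unless defined $rid && $rid =~ /\A[0-9a-f]{32}\z/;
    my $entry = delete $session->{persisted}{$rid} or return {};
    return {} if $now - $entry->{at} > $TTL;
    return $entry->{data};
}

my %stash = ( message => 'Record Updated', first_name => 'Ann', internal_note => 'x' );
my $rid = persist_stash( \%session, \%stash, time, qw/message first_name/ );
print "Location: http://localhost:3000/foo/list?rid=$rid\n";

my $got = restore_stash( \%session, $rid, time );
print "restored: $got->{message}\n";
print "replay:   ", scalar( keys %{ restore_stash( \%session, $rid, time ) } ), " keys\n";
print "unknown:  ", scalar( keys %{ restore_stash( \%session, 'abcde', time ) } ), " keys\n";
```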
