[Catalyst] Limiting flash to a specific request

Bill Moseley moseley at hank.org
Fri Oct 12 19:13:56 GMT 2007

On Fri, Oct 12, 2007 at 12:42:10PM -0500, Dave Rolsky wrote:
> I'm doing something very similar, except I just the session itself, and 
> it's my _only_ use of sessions.
> In my case, I just put the session id in the URI. Sessions never contain 
> sensitive info, and they expire after 5 minutes, so I'm not too worried 
> about the security issue.

No cookie to store a global session id?  That is, your session id is
page specific?  (Is there a term for the path that a page follows?
"Web Thread"? ;) )

> The main reason I did things the way I did was to aim for a RESTful 
> interface. My URIs always represent something specific ("login form" or 
> "login form plus session X") and repeatable.
> For other things I might've previously stuck in a session (like searches, 
> paging, etc) I just stick it in the URI, again to be RESTful. This also 
> has the bonus that users will be able to bookmark searches and such 
> easily, which is nice.

One feature I'm toying with is the "undo" action (as discussed July
25) so that after a POST and update and then a redirect I get a
message "Record updated - undo".  So that message must be shown
to the correct browser window, plus the link to the undo action has to
reference a specific undo operation.  Two windows could have
concurrent pending "undo" actions.

I'm not thrilled about the "undo" feature as some future actions may
make previous stored undo actions not possible.

> I'm planning to write up how I did this and post it on my use Perl journal 
> at some point. It's nothing revolutionary, but it might be of interest to 
> others.

Yes, I'm sure it would be.


Bill Moseley
moseley at hank.org

More information about the Catalyst mailing list