[Catalyst] Limiting flash to a specific request
Bill Moseley
moseley at hank.org
Fri Oct 12 19:13:56 GMT 2007
On Fri, Oct 12, 2007 at 12:42:10PM -0500, Dave Rolsky wrote:
>
> I'm doing something very similar, except I just the session itself, and
> it's my _only_ use of sessions.
>
> In my case, I just put the session id in the URI. Sessions never contain
> sensitive info, and they expire after 5 minutes, so I'm not too worried
> about the security issue.
No cookie to store a global session id? That is, your session id is
page specific? (Is there a term for the path that a page follows?
"Web Thread"? ;) )
> The main reason I did things the way I did was to aim for a RESTful
> interface. My URIs always represent something specific ("login form" or
> "login form plus session X") and repeatable.
>
> For other things I might've previously stuck in a session (like searches,
> paging, etc) I just stick it in the URI, again to be RESTful. This also
> has the bonus that users will be able to bookmark searches and such
> easily, which is nice.
One feature I'm toying with is the "undo" action (as discussed July
25) so that after a POST and update and then a redirect I get a
message "Record updated - undo". So that message must be shown
to the correct browser window, plus the link to the undo action has to
reference a specific undo operation. Two windows could have
concurrent pending "undo" actions.
I'm not thrilled about the "undo" feature as some future actions may
make previous stored undo actions not possible.
> I'm planning to write up how I did this and post it on my use Perl journal
> at some point. It's nothing revolutionary, but it might be of interest to
> others.
Yes, I'm sure it would be.
Thanks,
--
Bill Moseley
moseley at hank.org
More information about the Catalyst
mailing list