[Catalyst] Unnecessary session writes
Tomas Doran
bobtfish at bobtfish.net
Tue Dec 16 18:20:43 GMT 2008
On 10 Dec 2008, at 22:25, Bill Moseley wrote:
> When Catalyst::Session fetches an existing session it records its
> "signature" which it then compares with the session data at the end
> of the request to decide if the session should be written.
>
<snip>
> So, if you look at the session every request, for example:
>
> # See if user has selected a language preference
> my $language = $c->session->{language} || 'en';
>
> Then if a session doesn't exist it will generate a new session id and
> store the empty session to the database (or whatever store you have).
> A bot could have fun inserting rows into your database.
That's not cool :(
> I'm using this instead:
That looks sensible.
Do you fancy writing a test for the issue so we can actually prove it
is gone?
Cheers
t0m
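
Added illustration, not part of the original message and not code from Catalyst or from either poster: a simplified Perl model of the signature check described in the quoted text, showing how read-only requests without a session cookie each write a row, next to a finalize step that skips new sessions that are still empty. The names `handle_request`, `signature`, `%store` and the `$skip_empty_new` flag are hypothetical, and the traffic is constructed.

```perl
#!/usr/bin/perl
# Simplified model of signature-based session saving; not Catalyst code.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

my %store;          # stands in for the session table: session id => data
my $next_id = 1;    # constructed id source; a real store uses random ids

# Signature of the session data, used to detect changes at end of request.
sub signature {
    my ($data) = @_;
    return md5_hex(join "\0", map { ($_, $data->{$_} // '') } sort keys %$data);
}

# Handle one request. $cookie is the session id sent by the client (or undef).
# $skip_empty_new selects the hardened finalize step (an assumption, see lead-in).
sub handle_request {
    my ($cookie, $skip_empty_new) = @_;
    my ($sid, $data, $loaded_sig);

    if (defined $cookie && exists $store{$cookie}) {
        ($sid, $data) = ($cookie, { %{ $store{$cookie} } });
        $loaded_sig = signature($data);    # recorded when the session is fetched
    }
    else {
        ($sid, $data) = ('sid' . $next_id++, {});    # no session: new id generated
    }

    # The read from the thread: look at the session on every request.
    my $language = $data->{language} || 'en';

    # End of request: a session with no recorded signature counts as changed.
    my $changed = !defined $loaded_sig || $loaded_sig ne signature($data);
    # Hardened step: never persist a session that is both new and still empty.
    $changed = 0 if $skip_empty_new && !defined $loaded_sig && !%$data;
    $store{$sid} = $data if $changed;
    return $language;
}

# Constructed traffic: 1000 cookie-less requests that only read the session.
handle_request(undef, 0) for 1 .. 1000;
printf "naive finalize:    %d rows written\n", scalar keys %store;

%store = ();
handle_request(undef, 1) for 1 .. 1000;
printf "hardened finalize: %d rows written\n", scalar keys %store;
```

Comparing the two row counts is the shape a regression test for this issue would take: issue read-only requests with no session cookie and assert that the store stays empty.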