[Catalyst] Unnecessary session writes
Bill Moseley
moseley at hank.org
Tue Dec 30 00:12:22 GMT 2008

On Mon, Dec 29, 2008 at 06:10:34PM +0000, Tomas Doran wrote:
>
> Session handling could do with refactoring as per the authentication
> plugins, so that the store and state were not plugins themselves, this
> would make things a lot 'nicer'.
>
> However, in the shorter term, providing people with a way to change the
> default behaviors would go a long way.

I'll try and find some time to look at it. There are other issues --
I've had a few problems with the session code over time, and discussed
often with nothingmuch and posted a few orphaned patches.

Two I just came across in the last week are it throwing an exception on
an invalid session id (instead of just ignoring it like a missing one), and
the "cookie_secure" feature that indeed sets the cookie as "secure"
but doesn't prevent it from being sent in a non-SSL session back to
the client, kind of defeating the purpose.

--
Bill Moseley
moseley at hank.org
Sent from my iMutt
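
The two behaviors raised in the message above, sketched as an added example (not Catalyst::Plugin::Session code and not part of the original thread): a malformed session id is treated like a missing one instead of raising an exception, and a cookie marked secure is withheld from a non-TLS response. The function names, the cookie name `sess` and the 40-hex-character id format are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not Catalyst::Plugin::Session code. All names are hypothetical.
use strict;
use warnings;

# Assumed id format for this sketch: 40 lowercase hex characters.
my $VALID_SID = qr/\A[0-9a-f]{40}\z/;

# Return the session id from a Cookie header, or undef when it is
# missing OR malformed, so a bad id is handled like no id at all.
sub sid_from_cookie_header {
    my ($cookie_header, $name) = @_;
    return undef unless defined $cookie_header;
    for my $pair (split /;\s*/, $cookie_header) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $v && $k eq $name;
        return $v =~ $VALID_SID ? $v : undef;
    }
    return undef;
}

# Build the Set-Cookie value, or return undef when the cookie is marked
# secure but the response would travel over a non-TLS connection.
sub session_set_cookie {
    my (%arg) = @_;    # name, sid, cookie_secure, request_is_tls
    return undef if $arg{cookie_secure} && !$arg{request_is_tls};
    my $value = "$arg{name}=$arg{sid}; Path=/; HttpOnly";
    $value .= '; Secure' if $arg{cookie_secure};
    return $value;
}

# Constructed sample input: [label, Cookie header, request is TLS].
my $fresh = 'a' x 40;    # stands in for a newly generated id
my @cases = (
    [ 'good id',             "sess=$fresh",          1 ],
    [ 'malformed id',        'sess=not-a-valid-id',  1 ],
    [ 'no cookie',           undef,                  1 ],
    [ 'good id, plain HTTP', "sess=$fresh",          0 ],
);
for my $c (@cases) {
    my ($label, $header, $tls) = @$c;
    my $sid = sid_from_cookie_header($header, 'sess');
    my $out = session_set_cookie(
        name => 'sess', sid => $sid // $fresh,   # invalid or missing: start fresh
        cookie_secure => 1, request_is_tls => $tls,
    );
    printf "%-20s sid=%-5s set-cookie=%s\n", $label,
        defined $sid ? 'ok' : 'none', defined $out ? 'sent' : 'withheld';
}
```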