[Catalyst] Handling expired sessions gracefully

Toby Corkindale toby.corkindale at strategicdata.com.au
Fri Jul 9 02:55:57 GMT 2010


On 09/07/10 00:53, Steve wrote:
> I've looked in the archives and tutorials but can't seem to find
> examples of handling expired sessions gracefully. I'm admittedly weak in
> the area of error checking, but I'm working on it :) Here are my questions:
> In what controller (Root.pm or MyApp.pm) and action should I check for
> an expired session? Should I check $c->user_exists or
> $c->session_expired (not sure if I have the correct accessor)? Once
> detected, do I forward, redirect, etc.?

How about something like this?

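sub auto :Private { # or the head of your chain
   my ($self, $c) = @_;
   if (not $c->user_exists) {
     # Remember where the user was going, then hand off to the login action.
     $c->stash->{destination} = $c->request->path;
     $c->detach('/login');
   }
   # auto must return true, otherwise Catalyst skips the requested action.
   return 1;
}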

Then in your login method, redirect them back to {destination} if they
successfully authenticate; make sure to validate the path though, to
avoid exploits. (e.g. another site crafting a redirect link like
http://yoursite.com/login?destination=/confirm_payment/to/evil/hacker)
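
An added example, not part of the original post: one way to validate the destination before redirecting after login. The function name, the allow-listed prefixes and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list: first path segments that are safe to land on after
# login. State-changing actions such as confirm_payment are deliberately absent.
my %SAFE_FIRST = map { $_ => 1 } qw(account orders reports);
my $DEFAULT    = '/';

# Return a same-site path that is safe to redirect to, or $DEFAULT.
sub safe_destination {
    my ($dest) = @_;
    return $DEFAULT unless defined $dest && length($dest) <= 256;

    # Strict character set anchored with \A and \z: a scheme colon, "//host",
    # backslash, percent-encoding, whitespace or CR/LF cannot get through.
    return $DEFAULT
        unless $dest =~ m{\A/?[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_.\-]+)*/?\z};

    # No dot segments, so the path cannot climb out of an allowed prefix.
    return $DEFAULT if grep { $_ eq '.' || $_ eq '..' } split m{/}, $dest;

    # The first segment must be on the allow-list.
    my ($first) = $dest =~ m{\A/?([^/]+)};
    return $DEFAULT unless $SAFE_FIRST{$first};

    # $c->request->path has no leading slash, so normalise to exactly one.
    $dest =~ s{\A/}{};
    return "/$dest";
}

# Constructed sample inputs. In a login action the returned value is what
# would be passed to $c->response->redirect(...) after authentication.
my @samples = (
    'account/settings',                  # kept: /account/settings
    '/confirm_payment/to/evil/hacker',   # same-site but not allow-listed
    '//evil.example/account',            # scheme-relative URL
    'http://evil.example/',              # absolute URL
    'account/../confirm_payment/x',      # dot-segment escape
    "orders\r\nSet-Cookie: x=1",         # header injection attempt
);
for my $in (@samples) {
    (my $shown = $in) =~ s/[\r\n]/?/g;
    printf "%-34s -> %s\n", $shown, safe_destination($in);
}
```

Only the first sample is returned unchanged (as /account/settings); every other input falls back to the default landing page.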


