[Catalyst] Handling expired sessions gracefully

David Schmidt davewood at gmx.at
Fri Jul 9 06:30:36 GMT 2010


On Fri, Jul 9, 2010 at 4:55 AM, Toby Corkindale
<toby.corkindale at strategicdata.com.au> wrote:
> On 09/07/10 00:53, Steve wrote:
>>
>> I've looked in the archives and tutorials but can't seem to find
>> examples of handling expired sessions gracefully. I'm admittedly weak in
>> the area of error checking, but I'm working on it :) Here are my
>> questions:
>> In what controller (Root.pm or MyApp.pm) and action should I check for
>> an expired session? Should I check $c->user_exists or
>> $c->session_expired (not sure if I have the correct accessor)? Once
>> detected, do I forward, redirect, etc.?
>
> How about something like this?
>
> sub auto :Private { # or the head of your chain
>  my ($self, $c) = @_;
>  if (not $c->user_exists) {
>    $c->stash->{destination} = $c->request->path;
>    $c->detach('/login');
>  }
>  return 1; # auto must return true, or Catalyst skips the requested action
> }
>
> Then in your login method, redirect them back to {destination} if they
> successfully authenticate; make sure to validate the path though, to avoid
> exploits. (e.g. another site crafting a redirect link like
> http://yoursite.com/login?destination=/confirm_payment/to/evil/hacker)
>

Check out SimpleLogin. It does redirect after login and much more.
http://search.cpan.org/~bobtfish/CatalystX-SimpleLogin-0.12/lib/CatalystX/SimpleLogin.pm
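Added example, not part of the original thread and not code from Catalyst or CatalystX::SimpleLogin: one way to do the "validate the path" step from the quoted reply before redirecting after login. The function name safe_destination, the @SAFE_PREFIXES allowlist and the sample paths are hypothetical; the allowlist assumes that only read-only sections are valid landing pages, so a state-changing path such as /confirm_payment/... falls back to the default.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist: read-only sections a user may land on after login.
my @SAFE_PREFIXES = ('/account', '/orders', '/reports');

# Return a local path that is safe to redirect to, or $fallback.
sub safe_destination {
    my ($raw, $fallback) = @_;
    return $fallback unless defined $raw && length $raw && length($raw) < 512;

    # $c->request->path has no leading slash, so normalise to one.
    my $path = $raw =~ m{\A/} ? $raw : "/$raw";

    # Conservative character set: excludes ':' (schemes), '\', '%', '?',
    # whitespace and control characters, so no off-site URL, encoded
    # trick or header-splitting payload gets through.
    return $fallback unless $path =~ m{\A/[A-Za-z0-9_\-./]*\z};

    # "//host" is a scheme-relative URL; "." and ".." segments could
    # climb out of an allowed prefix once the browser normalises them.
    return $fallback if $path =~ m{//} || $path =~ m{/\.\.?(?:/|\z)};

    # Match whole path segments only, so "/accounting" is not "/account".
    for my $prefix (@SAFE_PREFIXES) {
        return $path if $path eq $prefix || index($path, "$prefix/") == 0;
    }
    return $fallback;
}

# Constructed sample inputs, including the crafted link from the reply.
my @samples = (
    'orders/42',
    '/account',
    '/accounting',
    '/confirm_payment/to/evil/hacker',
    '//evil.example/orders',
    'http://evil.example/orders',
    '/orders/../confirm_payment',
    "/orders\r\nSet-Cookie: x=1",
);
for my $dest (@samples) {
    (my $shown = $dest) =~ s/[\r\n]/?/g;    # keep the output on one line
    printf "%-36s -> %s\n", $shown, safe_destination($dest, '/');
}
```

In a login action the returned value would be passed to $c->uri_for before the redirect, with the fallback pointing at a neutral landing page.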


