[Catalyst] Check session expiry without extending it

Bill Moseley moseley at hank.org
Thu Mar 4 14:39:40 GMT 2010


On Tue, Mar 2, 2010 at 12:43 PM, Steve Kleiman <steve at prodhub.com> wrote:

> Using Catalyst::Plugin::Session with Session::State::Cookie.
>
> Would like to be able to poll server if the user's session has expired
> WITHOUT extending the session itself.
>
> The objective is to have a javascript periodical executor check if a
> session is expired and redirect user to a "Your session has expired" page if
> appropriate. Could do it in javascript but would prefer doing it on server.
>
> Anyone tried this?
>

Yes, and here's a story from a month back.  Our automated testing was
randomly failing where all of a sudden the browser ended up at the login
page as if the session had expired.

After a bit of wasted developer time debugging, it turned out that
the test process had gone to a page that spawned a second browser window and
that window was doing periodic AJAX requests to test if the session was
alive.  After spawning the window the main test window had continued and
completed a test, then logged out and logged back in again with a new
session ID and started another test pass.

Then, some minutes later, the other window fired off the AJAX request
explicitly testing the old session ID via a query parameter.  It was no
longer valid so the application created a new session id and set the cookie,
which of course, reset the cookie for the entire browser.   Then the tests
that were running hit a page that required authorization in the session and
redirected to the login page.

The developer explained that the AJAX session check was needed to prevent a
user from making a lot of changes in the client that could not be saved due
to an expired session.  Not sure I see the logic there.

Anyway -- the point is that you have to think about the possibility of an
orphaned window sending off requests.




--
Bill Moseley
moseley at hank.org
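
The failure described in the reply above, and a status check that avoids it, as an added example that is not part of the original post and is not Catalyst code. It is a framework-independent model: `SessionStore`, `handle_page` and `handle_session_status` are hypothetical names, and time is passed in as plain seconds so the behaviour is deterministic.

```python
import secrets


class SessionStore:
    """In-memory sessions with sliding expiry (constructed model, not Catalyst's API)."""

    def __init__(self, ttl=1800):
        self.ttl = ttl
        self._expires = {}  # session id -> absolute expiry time (seconds)

    def create(self, now):
        sid = secrets.token_hex(16)
        self._expires[sid] = now + self.ttl
        return sid

    def destroy(self, sid):
        self._expires.pop(sid, None)

    def peek(self, sid, now):
        """Read-only: seconds left, 0 if unknown or expired. Never writes."""
        return max(0, self._expires.get(sid, 0) - now)

    def touch(self, sid, now):
        """Normal request path: validate, then slide the expiry forward."""
        if self.peek(sid, now) == 0:
            self.destroy(sid)
            return False
        self._expires[sid] = now + self.ttl
        return True


def handle_page(store, cookie_sid, now):
    """Ordinary page: extends a live session, otherwise redirects to login."""
    if cookie_sid and store.touch(cookie_sid, now):
        return {"status": 200, "set_cookie": None}
    return {"status": 302, "location": "/login", "set_cookie": None}


def handle_session_status(store, cookie_sid, polled_sid, now):
    """Poll endpoint: reports on polled_sid only. It never extends a session,
    never creates one, and never sets a cookie, so a stale poller cannot
    replace the browser's current session."""
    remaining = store.peek(polled_sid, now)
    return {
        "status": 200,
        "set_cookie": None,
        "alive": remaining > 0,
        "remaining": remaining,
        "is_current": polled_sid == cookie_sid,
    }
```

An orphaned window polling with an old ID gets `alive: False` and `is_current: False` and can stop polling, while the main window's session and cookie are left untouched.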