[Catalyst] Check session expiry without extending it

Bill Moseley moseley at hank.org
Thu Mar 4 14:39:40 GMT 2010

On Tue, Mar 2, 2010 at 12:43 PM, Steve Kleiman <steve at prodhub.com> wrote:

> Using Catalyst::Plugin::Session with Session::State::Cookie.
> Would like to be able to poll server if the user's session has expired
> WITHOUT extending the session itself.
> The objective is to have a javascript periodical executor check if a
> session is expired and redirect user to a "Your session has expired" page=
> appropriate. Could do it in javascript but would prefer doing it on serve=
> Anyone tried this?

Yes, and here's a story from a month back.  Our automated testing was
randomly failing where all of the sudden the browser ended up at the login
page as if the session had expired.

After a bit of wasted developer time debugging, what it turned out is that
the test process had gone to a page that spawned a second browser window and
that widow was doing periodic AJAX requests to test if the session was
alive.  After spawning the window the main test window had continued and
completed a test, then logged out and logged back in again with a new
session ID and started another test pass.

Then, some minutes later, the other window fired off the AJAX request
explicitly testing the old session ID via a query parameter.  It was no
longer valid so the application created a new session id and set the cookie,
which of course, reset the cookie for the entire browser.   Then the tests
that were running hit a page that required authorization in the session and
redirected to the login page.

The developer explained that the AJAX session check was needed to prevent a
user from making a lot of changes in the client that could not be saved due
to a an expires session.  Not sure I see the logic there.

Anyway -- the point is that you have to think about the possibility of an
orphaned window sending off requests.

-- =

Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100304/14819=

More information about the Catalyst mailing list