[Catalyst] Implementing a 'remember me on this computer' button

Edmund von der Burg evdb at ecclestoad.co.uk
Tue Apr 5 14:16:13 GMT 2011

I want my sessions either to be long-lived (several months) or, at the
user's discretion, only last for the current browser session.
Achieving either of these is quite easy, but doing both in one app
appears a little trickier.

Am I missing something obvious?

It seems to me that the easiest way to implement this might be to add
a flag that can be saved to the session - 'browser_session_only' or
similar. This would then be checked by the
C::P::Session::State::Cookie code (for the individual session) and the
correct cookie expiry time set. Happy to provide patches/tests if this
is the way to go.

Or is there a better way?


PS: Note that setting a shorter ttl on just the '__user' key in the
stash using $c->session_expire_key( __user => 3600 ) will not do what
I want - which is to limit the cookie's lifetime to the current
browser session.

PPS: actually implementing what I want is quite simple. You could save
a random value to the session under the key 'browser_session_only' and
save the same value to a cookie with a lifetime set to the browser
session. In your 'auto' you'd then check for the value in the session
and if found check for it in the cookie. If there is a mismatch delete
the session. But I'd rather do it through the sessions code rather
than bolting it on the side.

Edmund von der Burg - evdb at ecclestoad.co.uk
mob: +44 7903 420 689
web: http://www.ecclestoad.co.uk/

More information about the Catalyst mailing list