[Catalyst] Extending session expiry time?

Jesse Sheidlower jester at panix.com
Fri Feb 17 14:59:17 GMT 2012 

I can confirm that with the latest C::P::Session, using
extend_session_expires in the login method _does not work_. However,
using your kludge of overriding calculate_extended_session_expires in
MyApp.pm _does_ work.

So I at least have a way to get it going for now, but it would be nice
to figure out how to get extend_session_expires to work directly.

Jesse

On Fri, Feb 17, 2012 at 12:42:51PM +0100, Dimitar Petrov wrote:
> Actually I've just checked the repository and seems that this bug is fixed:
> 
> http://dev.catalystframework.org/svnweb/Catalyst/revision?rev=14068
> 
> Could you confirm that you are using the latest C::P::Session and
> extend_session_expires does not extend the session?
> 
> Cheers,
> Dimitar
> 
> On Fri, Feb 17, 2012 at 12:03 PM, Dimitar Petrov <mitakaa at gmail.com> wrote:
> 
> > As far as I know that feature is broken..
> > you can check the bug here:
> > https://rt.cpan.org/Public/Bug/Display.html?id=59595
> >
> > What I usually do is after the login is successful I add:
> > $c->session->{remember} = 1 if $c->req->param('remember');
> >
> > and then in MyApp.pm I override calculate_extended_session_expires like
> > that:
> >
> > sub calculate_extended_session_expires {
> >      my ($c, $prev) = @_;
> >
> >      if ($c->session->{remember_me}) {
> >          return time() + 31536000;
> >      }
> >      else {
> >          return $c->NEXT::calculate_extended_session_expires($prev);
> >      }
> > }
> >
> > That's working but I get some warnings that using NEXT:: is deprecated so
> > you probably could use some method modifier.
> >
> > Cheers,
> > Dimitar
> >
> > On Fri, Feb 17, 2012 at 11:54 AM, Jesse Sheidlower <jester at panix.com>wrote:
> >
> >> On Thu, Feb 16, 2012 at 08:42:09PM +0100, Paolo Gianrossi wrote:
> >> > Hi Jesse,
> >> >  what I do is (blatantly taken from CatalystX::SimpleLogin source)
> >> > something like
> >> >
> >> >  # in Login controller, and action login
> >> >
> >> >  my $parms = $c->request->body_parameters;
> >> >
> >> >  if ($c->authenticate({ username => $parms->{username},
> >> >                                    password => $parms->{password}} )) {
> >> >              $c->extend_session_expires(999999999999) if
> >> > $c->request->address =~ m/^192\.168/g; #or whatever way to determine
> >> local
> >> > network...
> >> >
> >>  $c->response->redirect($c->uri_for_action('whatever/action'));
> >> >   }
> >> >   #....
> >>
> >> I'm afraid that this did not work. I did test to make sure the IP
> >> address was being correctly matched, so I know that the
> >> $c->extend_session_expires(999999999999) was executed. But the affected
> >> users still had to log in after an hour of non-use.
> >>
> >> Any other session experts have a thought?
> >>
> >> Jesse Sheidlower
> >>
> >> >
> >> >   HTH!
> >> >
> >> > cheers
> >> > paolino
> >> >
> >> > --
> >> > Paolo Gianrossi
> >> >
> >> > (An unmatched left parenthesis
> >> >  creates an unresolved tension
> >> >  that will stay with you all day
> >> >                                    -- xkcd
> >> >
> >> >
> >> >
> >> > 2012/2/16 Jesse Sheidlower <jester at panix.com>
> >> >
> >> > >
> >> > > Using Catalyst::Plugin::Session, is there any way to extend a session
> >> > > _longer_ than the expiry time I give in my conf file? The docs for
> >> > > session_expire_key say it's only useful if _shorter_ than the default
> >> > > expiry time.
> >> > >
> >> > > The situation I'm trying to solve is basically that I have an app with
> >> > > local and external users, and I'd like to make it so that users on the
> >> > > internal network have permanent cookies, and thus don't have to
> >> re-login
> >> > > all the time, but outside users have their sessions expire in an hour.
> >> > >
> >> > > I suppose I could just set an infinite expiration in my conf file, and
> >> > > then use session_expire_key to shorten the sessions for external
> >> users,
> >> > > but that seems like the reverse of what I really want, which is to
> >> give
> >> > > more rights to one group, not to give less rights to another.
> >> > >
> >> > > Jesse Sheidlower
> >>
> >> _______________________________________________
> >> List: Catalyst at lists.scsys.co.uk
> >> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> >> Searchable archive:
> >> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> >> Dev site: http://dev.catalyst.perl.org/
> >>
> >
> >

> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/

More information about the Catalyst mailing list