<p>There's no point putting in an expired cookie.</p>
<p>Expired cookies should only be used to signal cookie deletion when a session is destroyed or no longer valid.</p>
<p>The right answer is fixing the session keyword (and possibly the session accessor in Context) so that checking a session value when a session doesn't exist returns undef without creating a new session.</p>
<p>It's a trivial patch. Just no one has written it yet.</p>
<p> return unless context->has_session</p>
<p>How about less complaining and more contributing?</p>
<p>David</p>
<div class="gmail_quote">On Mar 3, 2013 6:01 PM, "Rik Brown" <<a href="mailto:rik@rikbrown.co.uk">rik@rikbrown.co.uk</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<blockquote type="cite"><blockquote type="cite"><div>That sounds like it's working correctly. You got a new empty session and</div><div>a cookie for it. I don't think it's expected that you won't get a cookie</div>
<div>if your session is empty.</div></blockquote><div><br></div><div><br></div><div>So Rik, what's the point of getting a new empty session and cookie for</div><div>it, instead of just a "negative" cookie (a set-cookie header with</div>
<div>negative time) </div></blockquote><div>Yeah you're right. It is probably better to put a "negative" cookie there if the session is non-existent/empty. I think I was going with a "that sounds like more code/more complexity than it's worth", but the privacy concerns (I've never cared about what cookies sites are throwing at me, for better or for worse) are fair enough I suppose.</div>
<div><blockquote type="cite"> and no session at all to waste space on the db?</blockquote><div>A smart session engine should probably not bother put any entries in the DB if the session is empty, but I take your point. </div>
</div>
</div>
<div><div><br></div><div>-- </div><div>Rik Brown</div><div><a href="http://www.rikbrown.co.uk" target="_blank">http://www.rikbrown.co.uk</a></div><div><br></div></div>
<p style="color:#a0a0a8">On Sunday, 3 March 2013 at 22:47, Punter wrote:</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px">
<span><div><div><div><br></div><div><br></div><div>On 03/03/2013 05:55 PM, Rik Brown wrote:</div><blockquote type="cite"><div><div>That sounds like it's working correctly. You got a new empty session and</div>
<div>a cookie for it. I don't think it's expected that you won't get a cookie</div><div>if your session is empty.</div></div></blockquote><div><br></div><div><br></div><div>So Rik, what's the point of getting a new empty session and cookie for </div>
<div>it, instead of just a "negative" cookie (a set-cookie header with </div><div>negative time) and no session at all to waste space on the db?</div><div>_______________________________________________</div><div>
dancer-users mailing list</div><div><a href="mailto:dancer-users@dancer.pm" target="_blank">dancer-users@dancer.pm</a></div><div><a href="http://lists.preshweb.co.uk/mailman/listinfo/dancer-users" target="_blank">http://lists.preshweb.co.uk/mailman/listinfo/dancer-users</a></div>
</div></div></span>
</blockquote>
<div>
<br>
</div>
<br>_______________________________________________<br>
dancer-users mailing list<br>
<a href="mailto:dancer-users@dancer.pm">dancer-users@dancer.pm</a><br>
<a href="http://lists.preshweb.co.uk/mailman/listinfo/dancer-users" target="_blank">http://lists.preshweb.co.uk/mailman/listinfo/dancer-users</a><br>
<br></blockquote></div>