On Thursday 19 May 2011 16:59:57 Brian E. Lozier wrote:
On Thu, May 19, 2011 at 8:14 AM, David Precious <davidp@preshweb.co.uk>
This wasn't well documented in Dancer::Config; it is now.
I don't see much about sessions in Dancer::Config. It just tells you you can enable sessions with the session engine.
Sorry, I wasn't very clear in my last mail - what I meant by "it is now" is "I've just improved that documentation and pushed it to GitHub" - so those improvements should be in the next stable release.
I think that's a global setting and not really what I'm talking about. If I'm completely missing something please correct me.
session_expires is indeed a global setting, but you could override it in a before handler, say: before sub { if (param->{keep_me_logged_in}) { setting session_expires => '1 year'; } else { setting session_expires => '3 hours'; }; (I think that should work) It could actually make sense to use the new hooks support to add a before_session_create hook, which would give you the opportunity to add code that runs before the session is created.
The problem (that may not be a problem if I'm misunderstanding something) is that I can't set the expire time of these session cookies on a per-request basis. Dancer creates the session cookies before I even have a chance to do anything.
The above could help, but certainly isn't perfect.
Dancer sessions are nice but the interface to them is too limited and the fact that they are created all the time, instead of just when needed, is problematic for me. I would like one that only creates the session when session() is used and session() should take an argument for client-side cookie expiration.
Agreed. session_expires: 'session' to indicate that cookies should be valid only for the browser session would seem to make sense. Also, if a session expiry time is set with session_expires, the session's expiry time should be stored in the session itself, and checked when the session is loaded. This needs a bit of work to make it more flexible, but is something I think we need to do. Cheers Dave P -- David Precious <davidp@preshweb.co.uk> (bigpresh) http://www.preshweb.co.uk/ "Programming is like sex. One mistake and you have to support it for the rest of your life". (Michael Sinz)