[Dancer-users] Controlling Session expire time

Brian E. Lozier brian at massassi.com
Tue Apr 12 16:36:38 CEST 2011

Hello Igor,

I was wondering if you were able to get this patch accepted into
Dancer, and if not, what I might do to help?  I really need to be able
to set session cookie expire times dynamically as the users of my app
should be able to check a "keep me logged in" box which requires me to
be able to dynamically set the session cookie client timeout.  I can
manage expiring sessions on the server.

Anyone else working with Dancer apps, do you have some other method of
allowing a user to stay logged in for a longer amount of time than
usual by checking a "remember me" or "keep me logged in" box?


2011/3/20  <igor.bujna at post.cz>:
> Hello,
> my idea is make to Dancer::Sesion similary to CGI::Session.
> Dancer Session has some potencional problems and i think Session must be rewriting to better using.
> 1) In sub write in Session.pm can rewrite ID. If you put something like 'session id => xxx' than now session id has name 'xxx'. I think programs can't change this ID name.
> 2) In every called session method than this method initialize and read and next write to session file. I think that session must be only read before 'sub before' and save after 'sub after'. Not every called 'session'
> 3) Session expiring in cookie is bad idea. Expiring in cokie must be set, but we never trust to client side. We must save expiring time to session and check this on server side.
> I make simply patch for latest git version 1.3019_02 with this changes with documentation and test how can be used.
>> ------------ Původní zpráva ------------
>> Od: Brian E. Lozier <brian at massassi.com>
>> Předmět: Re: [Dancer-users] Controlling Session expire time
>> Datum: 15.3.2011 00:34:35
>> ----------------------------------------
>> Hmm, I dug into the actual code and found this in Dancer::Session::Abstract:
>>     if (my $expires = setting('session_expires')) {
>>         $cookie{expires} =
>>           Dancer::Cookie::_epoch_to_gmtstring(time + $expires);
>>     }
>> It appears I can have a global timeout option in the settings.  This
>> is useful although I think I need something a bit more flexible.  I
>> need to be able to choose a session time out based on user input.  For
>> example, if they check "remember me" I want the session to expire in 2
>> weeks, otherwise just use a session cookie.
>> The write_session_id method is specifically mentioned as something I
>> should not attempt to overload.  Does anyone have any ideas about how
>> I can have a dynamic session timeout?
>> Thanks again,
>> Brian
>> On Mon, Mar 14, 2011 at 4:27 PM, Brian E. Lozier <brian at massassi.com> wrote:
>> > When I use Dancer::Session::YAML to create a session, the session
>> > cookie is set to expire when the browser closes.  Is there a way for
>> > me to set an expire time for the session cookie?  I looked in
>> > Dancer::Session, Dancer::Session::YAML, Dancer::Cookbook, and
>> > Dancer::Session::Abstract but didn't see anything (maybe I missed it).
>> >
>> > Thanks,
>> > Brian
>> >
>> _______________________________________________
>> Dancer-users mailing list
>> Dancer-users at perldancer.org
>> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
> _______________________________________________
> Dancer-users mailing list
> Dancer-users at perldancer.org
> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users

More information about the Dancer-users mailing list