[Dancer-users] Controlling Session expire time

igor.bujna at post.cz igor.bujna at post.cz
Sun Mar 20 12:14:31 CET 2011


Hello,
my idea is make to Dancer::Sesion similary to CGI::Session.
Dancer Session has some potencional problems and i think Session must be rewriting to better using.
1) In sub write in Session.pm can rewrite ID. If you put something like 'session id => xxx' than now session id has name 'xxx'. I think programs can't change this ID name. 
2) In every called session method than this method initialize and read and next write to session file. I think that session must be only read before 'sub before' and save after 'sub after'. Not every called 'session'
3) Session expiring in cookie is bad idea. Expiring in cokie must be set, but we never trust to client side. We must save expiring time to session and check this on server side. 

I make simply patch for latest git version 1.3019_02 with this changes with documentation and test how can be used.

> ------------ Původní zpráva ------------
> Od: Brian E. Lozier <brian at massassi.com>
> Předmět: Re: [Dancer-users] Controlling Session expire time
> Datum: 15.3.2011 00:34:35
> ----------------------------------------
> Hmm, I dug into the actual code and found this in Dancer::Session::Abstract:
> 
>     if (my $expires = setting('session_expires')) {
>         $cookie{expires} =
>           Dancer::Cookie::_epoch_to_gmtstring(time + $expires);
>     }
> 
> It appears I can have a global timeout option in the settings.  This
> is useful although I think I need something a bit more flexible.  I
> need to be able to choose a session time out based on user input.  For
> example, if they check "remember me" I want the session to expire in 2
> weeks, otherwise just use a session cookie.
> 
> The write_session_id method is specifically mentioned as something I
> should not attempt to overload.  Does anyone have any ideas about how
> I can have a dynamic session timeout?
> 
> Thanks again,
> Brian
> 
> 
> On Mon, Mar 14, 2011 at 4:27 PM, Brian E. Lozier <brian at massassi.com> wrote:
> > When I use Dancer::Session::YAML to create a session, the session
> > cookie is set to expire when the browser closes.  Is there a way for
> > me to set an expire time for the session cookie?  I looked in
> > Dancer::Session, Dancer::Session::YAML, Dancer::Cookbook, and
> > Dancer::Session::Abstract but didn't see anything (maybe I missed it).
> >
> > Thanks,
> > Brian
> >
> _______________________________________________
> Dancer-users mailing list
> Dancer-users at perldancer.org
> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
> 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: session.patch
Type: text/x-patch
Size: 26034 bytes
Desc: not available
URL: <http://www.backup-manager.org/pipermail/dancer-users/attachments/20110320/9cd7f4c9/attachment-0001.bin>


More information about the Dancer-users mailing list