[Dancer-users] Custom Session Handler issues

David Precious davidp at preshweb.co.uk
Thu May 19 18:22:16 CEST 2011 

On Thursday 19 May 2011 16:59:57 Brian E. Lozier wrote:
> On Thu, May 19, 2011 at 8:14 AM, David Precious <davidp at preshweb.co.uk> 
> > This wasn't well documented in Dancer::Config; it is now.
> 
> I don't see much about sessions in Dancer::Config.  It just tells you
> you can enable sessions with the session engine.

Sorry, I wasn't very clear in my last mail - what I meant by "it is now" is 
"I've just improved that documentation and pushed it to GitHub" - so those 
improvements should be in the next stable release.


> I think that's a global setting and not really what I'm talking about.
>  If I'm completely missing something please correct me.

session_expires is indeed a global setting, but you could override it in a 
before handler, say:

before sub {
    if (param->{keep_me_logged_in}) {
        setting session_expires => '1 year';
    } else {
        setting session_expires => '3 hours';
};

(I think that should work)


It could actually make sense to use the new hooks support to add a 
before_session_create hook, which would give you the opportunity to add code 
that runs before the session is created.



> The problem (that may not be a problem if I'm misunderstanding
> something) is that I can't set the expire time of these session
> cookies on a per-request basis.  Dancer creates the session cookies
> before I even have a chance to do anything.  

The above could help, but certainly isn't perfect.


> Dancer sessions are nice but the interface to them is too limited and
> the fact that they are created all the time, instead of just when
> needed, is problematic for me.  I would like one that only creates the
> session when session() is used and session() should take an argument
> for client-side cookie expiration.

Agreed.

session_expires: 'session' to indicate that cookies should be valid only for 
the browser session would seem to make sense.

Also, if a session expiry time is set with session_expires, the session's 
expiry time should be stored in the session itself, and checked when the 
session is loaded.

This needs a bit of work to make it more flexible, but is something I think we 
need to do.

Cheers

Dave P

-- 
David Precious <davidp at preshweb.co.uk> (bigpresh)
http://www.preshweb.co.uk/

  "Programming is like sex. One mistake and you have to support 
  it for the rest of your life". (Michael Sinz)

More information about the Dancer-users mailing list