[Catalyst] Announcement - New session plugins

Yuval Kogman nothingmuch at woobling.org
Tue Nov 8 10:16:00 CET 2005


On Mon, Nov 07, 2005 at 20:25:12 -0800, Bill Moseley wrote:
> On Tue, Nov 01, 2005 at 10:48:37PM +0200, Yuval Kogman wrote:
> > 	use Catalyst qw/Session Session::Store::FastMmap Session::State::Cookie/
> 
> There's a few options I'm looking for here.  At least I think I'm
> looking for.
> 
> - I'd like the option in Session::State::Cookie to *not* set
> expires on the cookie.  I'd like the action of closing the client to
> drop the session.  Or is there a better way to handle the requirement
> for sessions to vanish when the client is closed?

Technically this is problematic: The browser will never notify the
server when the session data expires, causing a storage leak
(references to the session ID will be lost on browser close, but the
store can't know that).

Can anybody with more web-smarts than me figure out what is the best
policy for this?

> - Cookies enabled detection.  I suppose I could do that in my app
> class auto method, but might be nice for the plugin to do the
> detection.

Hmm... This part is kind of tricky since it cannot be done in one
request - the client must be told to save a cookie, and this cookie
must be asked for later.

With respect to this:

> - I'm not clear about the new design, but another option would be a
> a way to specify state fallback -- which would be fallback to a URL
> session if cookies are not available.  (For the rare cases where
> security isn't really an issue.)

I think the best option is to allow a checkbox on login that says
"use URI rewriting instead of cookies" with all the caveat info
mentioned to the user. Then, on login this flag will be added to
$c->{session}.

I'll write a State::Multiplex plugin that allows you to
conditionally select which state to use at finalize, and allows all
plugins to take a chance at prepare. There are some issues with NEXT
to resolve first, though - i'm not sure how to get around it.

I'll let you know if I manage anything, but it'll be later today.

-- 
 ()  Yuval Kogman <nothingmuch at woobling.org> 0xEBD27418  perl hacker &
 /\  kung foo master: /me tips over a cow: neeyah!!!!!!!!!!!!!!!!!!!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.rawmode.org/pipermail/catalyst/attachments/20051108/396db7da/attachment.pgp


More information about the Catalyst mailing list