[Catalyst] Announcement - New session plugins
Bill Moseley
moseley at hank.org
Tue Nov 8 15:57:11 CET 2005
On Tue, Nov 08, 2005 at 09:32:24AM -0500, Perrin Harkins wrote:
> The way I've seen it done is to use both cookies and URL rewriting on
> the first request, and then just turn off URL rewriting on the second
> request if a cookie is found.
Right, except the point of the second request is to clean up the URL,
so the session never really shows up in the clients url window.
> >- I may expire sessions in two hours, but if there's 5 or 10 minutes
> >of inactivity then I require a re-login to access more secure parts
> >of the site (like an admin area). So the session needs to track the
> >time between requests and set a flag when exceeds a setting.
>
> That one is a little painful, since it means updating the session on
> every request, rather than being able to lazy-load it and only save when
> changing something. Applications that don't require that level of
> security would probably rather not take the hit.
If you have a session that times out due to inactivity don't you need
to write the session every request anyway?
--
Bill Moseley
moseley at hank.org
More information about the Catalyst
mailing list