[Catalyst] Announcement - New session plugins
Perrin Harkins
perrin at elem.com
Tue Nov 8 17:37:44 CET 2005
On Tue, 2005-11-08 at 06:57 -0800, Bill Moseley wrote:
> On Tue, Nov 08, 2005 at 09:32:24AM -0500, Perrin Harkins wrote:
> > The way I've seen it done is to use both cookies and URL rewriting on
> > the first request, and then just turn off URL rewriting on the second
> > request if a cookie is found.
>
> Right, except the point of the second request is to clean up the URL,
> so the session never really shows up in the clients url window.
That doesn't sound like a big deal to me. If you're going to allow URL-
based tracking at all, you are presumably okay with users seeing this.
> If you have a session that times out due to inactivity don't you need
> to write the session every request anyway?
That depends on how fine-grained your timeout is. If you need the sort
of thing you described where you time people out after 10 mins for
security reasons, then yes, you need to write the session on every
request. If your app does not require that level of security, and you
are really just cleaning up sessions to avoid endless database table
growth, killing any that haven't been touch in 24 hours is usually fine,
and constant writes aren't necessary.
- Perrin
More information about the Catalyst
mailing list