user's discretion, only last for the current browser session.
Achieving either of these is quite easy, but doing both in one app
appears a little trickier.
Am I missing something obvious?
It seems to me that the easiest way to implement this might be to add
a flag that can be saved to the session - 'browser_session_only' or
similar. This would then be checked by the
C::P::Session::State::Cookie code (for the individual session) and the
correct cookie expiry time set. Happy to provide patches/tests if this
is the way to go.
Or is there a better way?
PS: Note that setting a shorter ttl on just the '__user' key in the
stash using $c->session_expire_key( __user => 3600 ) will not do what
I want - which is to limit the cookie's lifetime to the current
PPS: actually implementing what I want is quite simple. You could save
a random value to the session under the key 'browser_session_only' and
save the same value to a cookie with a lifetime set to the browser
session. In your 'auto' you'd then check for the value in the session
and if found check for it in the cookie. If there is a mismatch delete
the session. But I'd rather do it through the sessions code rather
than bolting it on the side.
Edmund von der Burg - email@example.com
mob: +44 7903 420 689