FAQ
I want my sessions either to be long-lived (several months) or, at the
user's discretion, only last for the current browser session.
Achieving either of these is quite easy, but doing both in one app
appears a little trickier.

Am I missing something obvious?

It seems to me that the easiest way to implement this might be to add
a flag that can be saved to the session - 'browser_session_only' or
similar. This would then be checked by the
C::P::Session::State::Cookie code (for the individual session) and the
correct cookie expiry time set. Happy to provide patches/tests if this
is the way to go.

Or is there a better way?

Cheers,
Edmund.

PS: Note that setting a shorter ttl on just the '__user' key in the
stash using $c->session_expire_key( __user => 3600 ) will not do what
I want - which is to limit the cookie's lifetime to the current
browser session.

PPS: actually implementing what I want is quite simple. You could save
a random value to the session under the key 'browser_session_only' and
save the same value to a cookie with a lifetime set to the browser
session. In your 'auto' you'd then check for the value in the session
and if found check for it in the cookie. If there is a mismatch delete
the session. But I'd rather do it through the sessions code rather
than bolting it on the side.

--
Edmund von der Burg - evdb@ecclestoad.co.uk
mob: +44 7903 420 689
web: http://www.ecclestoad.co.uk/

Search Discussions

  • Bill Moseley at Apr 5, 2011 at 2:49 pm

    On Tue, Apr 5, 2011 at 7:16 AM, Edmund von der Burg wrote:

    I want my sessions either to be long-lived (several months) or, at the
    user's discretion, only last for the current browser session.
    Achieving either of these is quite easy, but doing both in one app
    appears a little trickier.
    I have used a separate remember me cookie that effectively will auto-login
    the user. That's very simple to implement. It doesn't save any session
    state that way, but avoiding the login is often what users are after rather
    than remembering the exact state of the session. Not sure how useful that
    would be for someone returning days later.



    --
    Bill Moseley
    moseley@hank.org
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20110405/d1dd6f28/attachment.htm
  • Sam Kaufman at Apr 6, 2011 at 5:13 am
    http://search.cpan.org/~mstrout/Catalyst-Plugin-Session-State-Cookie-0.17/lib/Catalyst/Plugin/Session/State/Cookie.pm
    "cookie_expires

    Number of seconds from now you want to elapse before cookie will
    expire. Set to 0 to create a session cookie, ie one which will die
    when the user's browser is shut down."
    Sounds pretty simple to me.


    On Tue, Apr 5, 2011 at 10:49 AM, Bill Moseley wrote:

    On Tue, Apr 5, 2011 at 7:16 AM, Edmund von der Burg wrote:

    I want my sessions either to be long-lived (several months) or, at the
    user's discretion, only last for the current browser session.
    Achieving either of these is quite easy, but doing both in one app
    appears a little trickier.
    I have used a separate remember me cookie that effectively will auto-login the user. ?That's very simple to implement. ?It doesn't save any session state that way, but avoiding the login is often what users are after rather than remembering the exact state of the session. ?Not sure how useful that would be for someone returning days later.

    --
    Bill Moseley
    moseley@hank.org

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/
  • Edmund von der Burg at Apr 7, 2011 at 11:20 am

    On 6 April 2011 06:13, Sam Kaufman wrote:
    http://search.cpan.org/~mstrout/Catalyst-Plugin-Session-State-Cookie-0.17/lib/Catalyst/Plugin/Session/State/Cookie.pm
    "cookie_expires

    Number of seconds from now you want to elapse before cookie will
    expire. Set to 0 to create a session cookie, ie one which will die
    when the user's browser is shut down."
    Sounds pretty simple to me.
    That is a configuration parameter and so gets set at startup and is
    applied to all cookies from then on. I want to be able to change the
    expiry for an particular cookie so that some sessions persist and
    others don't.

    Cheers,
    Edmund
    On Tue, Apr 5, 2011 at 10:49 AM, Bill Moseley wrote:

    On Tue, Apr 5, 2011 at 7:16 AM, Edmund von der Burg wrote:

    I want my sessions either to be long-lived (several months) or, at the
    user's discretion, only last for the current browser session.
    Achieving either of these is quite easy, but doing both in one app
    appears a little trickier.
    I have used a separate remember me cookie that effectively will auto-login the user. ?That's very simple to implement. ?It doesn't save any session state that way, but avoiding the login is often what users are after rather than remembering the exact state of the session. ?Not sure how useful that would be for someone returning days later.

    --
    Bill Moseley
    moseley@hank.org

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/
    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/


    --
    Edmund von der Burg - evdb@ecclestoad.co.uk
    mob: +44 7903 420 689
    web: http://www.ecclestoad.co.uk/
  • Eden Cardim at Apr 11, 2011 at 7:24 pm
    "Edmund" == Edmund von der Burg writes:
    Edmund> That is a configuration parameter and so gets set at startup and is
    Edmund> applied to all cookies from then on. I want to be able to change the
    Edmund> expiry for an particular cookie so that some sessions persist and
    Edmund> others don't.

    You can always manipulate the session cookies manually. Use
    $c->get_session_cookie, it returns a CGI::Simple::Cookie.

    --8<---------------cut here---------------start------------->8---
    ->config->{Plugin::Session::State::Cookie}{cookie_expires} = 0;

    $c->authenticate;
    $c->get_session_cookie->expires($ttl) if $remember_user;
    --8<---------------cut here---------------end--------------->8---

    Should do the trick.

    --
    Eden Cardim Need help with your Catalyst or DBIx::Class project?
    Code Monkey http://www.shadowcat.co.uk/catalyst/
    Shadowcat Systems Ltd. Want a managed development or deployment platform?
    http://blog.edencardim.com/ http://www.shadowcat.co.uk/servers/

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedApr 5, '11 at 2:16p
activeApr 11, '11 at 7:24p
posts5
users4
websitecatalystframework.org
irc#catalyst

People

Translate

site design / logo © 2022 Grokbase