Hi all,

I'm writing a web application where security is an important concern.
How I would like the session handling to work is that if there is no
activity from the user in an hour, their session will expire, and if
they close their web browser, their cookie will be deleted. The first
part was very easy to implement using CAP::Session, but I have not been
able to create a "session cookie" (one that is deleted when the user
closes the web browser) with the standard CAP::Session code.

As far as I can tell, CAP::Session will let you specify your own cookie
expiration time in COOKIE_PARAMS, and if you don't specify a time, it
will use the session expiration time if available. The problem with
this is that the way to create a session cookie is to leave the
expiration time blank and CAP::Session uses ||= to test if it should
substitute the session expiration time. I tried getting around this by
specifying ' ' (single space) for the expiration time. This worked in
Firefox, but not in Internet Explorer. What I ended up doing was
changing the code in the session_cookie sub of CAP::Session from:
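
    # ||= overwrites any false value, including an explicit ''
    $options{'-expires'} ||= _build_exp_time( $self->session->expires() )
        if defined $self->session->expires();

to:

    # substitute the session expiry only when -expires was not given at all
    if ( defined( $self->session->expires() )
        && !defined( $options{'-expires'} ) ) {
        $options{'-expires'} = _build_exp_time( $self->session->expires() );
    }
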
And then setting -expires in COOKIE_PARAMS to ''. This worked
successfully in IE, Firefox, and Opera.

Am I understanding the issue correctly, and if so, could this change be
made in the next version of CAP::Session? Or, am I missing something
obvious again?

Thanks!
Curtis H.
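
The difference between the two tests in the message above, as an added example that is not part of the original post and is not CAP::Session's code. The names $SESSION_EXPIRES, merge_original, merge_patched and render are hypothetical, the cookie name and value are constructed, and render() assumes (as the post reports) that an empty -expires ends up as a cookie with no expires attribute.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the session's idle timeout (one hour in the post).
my $SESSION_EXPIRES = '+1h';

# Logic quoted as the original: ||= replaces ANY false value, so an
# explicit '' is treated the same as "not supplied".
sub merge_original {
    my %options = @_;
    $options{'-expires'} ||= $SESSION_EXPIRES if defined $SESSION_EXPIRES;
    return %options;
}

# Logic quoted as the fix: only an undefined -expires is replaced, so an
# explicit '' survives and can mean "browser-session cookie".
sub merge_patched {
    my %options = @_;
    if ( defined($SESSION_EXPIRES) && !defined( $options{'-expires'} ) ) {
        $options{'-expires'} = $SESSION_EXPIRES;
    }
    return %options;
}

# Hypothetical renderer: writes an expires attribute only for a non-empty
# value. Relative times are shown unresolved to keep the output stable.
sub render {
    my %o = @_;
    my $h = "Set-Cookie: $o{'-name'}=$o{'-value'}; path=/";
    $h .= "; expires=$o{'-expires'}"
        if defined( $o{'-expires'} ) && length( $o{'-expires'} );
    return $h;
}

# Cases: nothing supplied, empty string, the single-space workaround, and
# an explicit lifetime.
for my $case ( [ 'unset', undef ], [ "''", '' ], [ "' '", ' ' ], [ "'+10m'", '+10m' ] ) {
    my ( $label, $exp ) = @$case;
    my %in = ( -name => 'CGISESSID', -value => 'constructed-id' );
    $in{'-expires'} = $exp if defined $exp;
    printf "%-8s original: %s\n", $label, render( merge_original(%in) );
    printf "%-8s patched:  %s\n", '',     render( merge_patched(%in) );
}
```

Only the '' row differs between the two versions: the original still emits the one-hour expiry, the patched one emits no expires attribute. The ' ' row produces a malformed "expires= " under both, which is the value browsers handled inconsistently.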