So my dilemma is this: Sessions and individual pieces of session data can have independent expiration times, but it seems that cookies are all or nothing. You can't have an individual parameter of a cookie expire independently of the rest of the cookie can you? I want to have a fairly persistent cookie so that I'll remember my user for some time, but I want the login flag to die based either on time or on browser shutdown. Does that need to involve two separate cookies - one for user identification with a persistent expiration that is associated with server side session data and session based login flag, and another cookie that tracks another login flag and dies on browser shutdown?

Then I would end up with something like:

User comes to site. A 3 month persistent cookie identifies them to me, and I greet with customized login page. User logs in, and I retrieve profile, cart etc. from database. User's session is set to expire in 3 months, their login flag is turned on and set to expire in 15 minutes. A new cookie with no expiration set (so that it expires when the browser closes) is set as a second login flag.

Now during the session both my server side login flag, and my expiring-on-shutdown cookie are required for run mode authentication. If the browser shuts down the cookie expires and the user has to re-login. If the browser stays open, but is inactive for 15 minutes then the session flag expires, and the user has to re-login.

Am I on track here, or are there easier ways to do this?
Barry

Cees Hek wrote:

On 8/16/05, Barry Moore <suppressed> wrote:

If you're on Windows or something else without /tmp edit the line 16 of the cgiapp module to something like this:

    CGI_SESSION_OPTIONS => ["driver:File", $self->query, {Directory => "C:\\"}],

I know this doesn't have anything to do with what you are writing about, but I thought I'd throw out a little helpful hint for portability sake. If you want to make this work on all systems, use the File::Spec library (comes standard with perl), and look for the tmpdir method. It will return a valid temporary directory for the platform that you are running on.

    File::Spec->tmpdir

And interestingly enough, the options for CGI::Application::Plugin::Session that you are using in your code are actually the same as the defaults it provides (except that the plugin uses the File::Spec->tmpdir method to figure out the temporary directory). So you could have just configured your session like this:

    $self->session_config(
        COOKIE_PARAMS => {-expires => '+24h',},
        SEND_COOKIE   => 1
    );

And since the latest release, CGI::Application::Plugin::Session can automatically set the expiry date on the session for you, which then also adds the same expiry date to the outgoing cookie. So you could use the DEFAULT_EXPIRY option instead of the COOKIE_PARAMS method. And SEND_COOKIE is on by default so you don't need it either :)

    $self->session_config(
        DEFAULT_EXPIRY => '+24h',
    );

That will create file based sessions in a temp dir consistent with the platform you are running on, and it will set all new sessions to expire in 24 hours, and automatically send a cookie that also expires in 24 hours.

Cheers,

Cees

ps for what it is worth, I do authentication in a very similar way as in your code, except that I do the authentication through CGI::Session::Auth (for now). But the structure (doing the checks in prerun, etc...) is very similar. There, that brings us back on topic ;)
--
Barry Moore
Dept. of Human Genetics
University of Utah
Salt Lake City, UT
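
The two-flag scheme described in this message, as an added example that is not code from either poster or from the CGI::Application project. It assumes a hypothetical base class `MyApp::Base`, a run mode named `login`, the name `login_token` for both the session parameter and the browser-session cookie, an HTTPS site, and the Crypt::URandom module for the token. The login flag is a random token checked against the server-side copy rather than a bare "1", so a client cannot simply set the cookie itself.

```perl
package MyApp::Base;    # hypothetical base class for the application's modules
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Application::Plugin::Session;
use Crypt::URandom qw(urandom);    # assumption: installed from CPAN

sub cgiapp_init {
    my $self = shift;
    # Session record and its identifying cookie last about 3 months ("M" = months).
    $self->session_config(DEFAULT_EXPIRY => '+3M');
}

# Call from the login run mode only after the password has been verified.
sub mark_logged_in {
    my $self  = shift;
    my $token = unpack 'H*', urandom(16);    # 128-bit unguessable value
    # Server-side flag: this one parameter expires on its own after 15 minutes,
    # while the rest of the session data keeps the 3 month lifetime.
    $self->session->param(login_token => $token);
    $self->session->expire(login_token => '+15m');
    # Client-side flag: no -expires, so the browser drops it on shutdown.
    # header_add appends to the session cookie the plugin already sends.
    $self->header_add(-cookie => [ $self->query->cookie(
        -name => 'login_token', -value => $token,
        -secure => 1, -httponly => 1,
    ) ]);
}

sub mark_logged_out {
    my $self = shift;
    $self->session->clear(['login_token']);
    $self->header_add(-cookie => [ $self->query->cookie(
        -name => 'login_token', -value => '', -expires => '-1d',
    ) ]);
}

# Both flags must be present and equal, otherwise force the login run mode.
sub cgiapp_prerun {
    my ($self, $rm) = @_;
    return if $rm eq 'login';
    my $server = $self->session->param('login_token');    # undef once expired
    my $client = $self->query->cookie('login_token');     # undef after browser restart
    $self->prerun_mode('login')
        unless defined $server && defined $client && $server eq $client;
}

1;
```

The persistent session still identifies the returning user after either flag lapses, so the `login` run mode can show the customized greeting while requiring the password again.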