Skip Menu |

This queue is for tickets about the Catalyst-Plugin-Session CPAN distribution.

Report information
The Basics
Id: 33827
Status: new
Priority: 0/
Queue: Catalyst-Plugin-Session

People
Owner: Nobody in particular
Requestors: mods [...] hank.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 0.19
Fixed in: (no value)



Subject: Premature Expiry
The session sets and "expires" store entry every request to extended the session, but the "session" entry is only updated when modified. If the store has its own expiry and the "session" is not written to often (say only upon first login but not every request) then the session may be prematurely lost. This is not very apparent if the session expires setting is large enough such that in that amount of time the session data would be updated (or no user would use the application that long). But, if the time is small enough (say to force a log out for inactivity after only a few minutes) then users will be dropped. See: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/#01986 I assume the reason for a separate "expires" store entry is to avoid the need to save the session every request (because it's more data??). Or that it was assumed that any store would NOT have its one expiry mechanism that would expire the "session" store entry. I'm not sure it needs a separate "expires" store. Perhaps the expires value should be set very large and the application would use a much shorter value inside the session and have its own code for deleting the session. But, again, would not need a separate "expires" store entry. Another approach would be a large value for the "session" and a shorter expires value for the "expires" store entry. But, that's more of a hack than a solution.