On Wed, Jul 23, 2008 at 09:47:57PM +0200, Daniel McBrearty wrote:

>And what happens if they never hit log out?  Or if their browser
>crashes and then they try and log in again?
>
>If you really need this feature, try it the other way around:  if
>someone logs in then you invalidate their first session.



I used to work for a company that never deleted sessions - long history, and
dumb assumptions about the reasons for keeping the records around...



The suggestion mentioned above, deleting the first invalid session, doesn't
solve the problem because it assumes EVERYONE will log back in.



An expiration date should be set on any session.  There are a number of options
you can use to extend this expiration date, but the question posed is what to do
with sessions where someone doesn't log out.



Simple, each night you have a job run that does some database maintenance - 
simply delete the expired session records.



_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
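
The approach in the message above (an expiry on every session, extended on use, and a nightly job that deletes expired rows), as an added example that is not from the thread or from Catalyst. The table layout, function names and timeout values are assumptions; it also rejects expired sessions at lookup, so the purge job is housekeeping rather than the enforcement point.

```python
import secrets
import sqlite3

# Assumed values for illustration; choose them per application.
IDLE_TTL = 30 * 60          # sliding idle timeout, seconds
ABSOLUTE_TTL = 8 * 60 * 60  # hard cap on total session lifetime, seconds


def open_store(path=":memory:"):
    """Open the (hypothetical) session table; indexed on expires for the purge."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS sessions (
        id TEXT PRIMARY KEY, user TEXT NOT NULL,
        created INTEGER NOT NULL, expires INTEGER NOT NULL)""")
    db.execute("CREATE INDEX IF NOT EXISTS sessions_expires ON sessions(expires)")
    return db


def create_session(db, user, now):
    """Every session gets an expiry at creation time."""
    sid = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)",
               (sid, user, now, now + IDLE_TTL))
    db.commit()
    return sid


def touch_session(db, sid, now):
    """Return the user for a live session and slide its expiry; None otherwise."""
    row = db.execute("SELECT user, created, expires FROM sessions WHERE id = ?",
                     (sid,)).fetchone()
    if row is None or now >= row[2]:
        return None  # expired rows are refused even before the purge job runs
    # Extend on activity, but never past the absolute lifetime cap.
    new_expires = min(now + IDLE_TTL, row[1] + ABSOLUTE_TTL)
    db.execute("UPDATE sessions SET expires = ? WHERE id = ?", (new_expires, sid))
    db.commit()
    return row[0]


def purge_expired(db, now):
    """The nightly maintenance job: delete expired rows, return how many."""
    cur = db.execute("DELETE FROM sessions WHERE expires <= ?", (now,))
    db.commit()
    return cur.rowcount
```
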
