On 10 Dec 2008, at 22:25, Bill Moseley wrote:

When Catalyst::Session fetches an existing session it records its
"signature" which it then compares with the session data at the end
of the request to decide if the session should be written.

<snip>

So, if you look at the session every request, for example:

    # See if user has selected a language preference
    my $language = $c->session->{language} || 'en';

Then if a session doesn't exist it will generate a new session id and
store the empty session to the database (or whatever store you have).
A bot could have fun inserting rows into your database.

That's not cool :(

I'm using this instead:

That looks sensible.

Do you fancy writing a test for the issue so we can actually prove it is gone?

Cheers
t0m


_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
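
A self-contained Perl model of the behaviour described in this thread, added here as an illustration; it is not Catalyst::Plugin::Session code and not the workaround from the original post. `ToyStore`, `handle_request`, `sig` and `new_id` are hypothetical names, and the guarded read is one assumed way to avoid the write.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

{   # Hypothetical in-memory store that counts writes (stands in for the DB).
    package ToyStore;
    sub new  { bless { rows => {}, writes => 0 }, shift }
    sub load { $_[0]{rows}{ $_[1] } }
    sub save { my ($s, $id, $d) = @_; $s->{rows}{$id} = {%$d}; $s->{writes}++ }
}

my $n = 0;
sub new_id { sprintf 'sess%04d', ++$n }    # constructed ids, not real ones

# Signature of the session data, recorded at fetch time and compared at the end.
sub sig { my $d = shift; md5_hex(join "\0", map { "$_=$d->{$_}" } sort keys %$d) }

# One request. $cookie_id is the id the client sent (undef if none).
# $guarded: only look inside a session that was actually loaded.
sub handle_request {
    my ($store, $cookie_id, $guarded) = @_;
    my ($id, $data, $orig_sig);
    if (defined $cookie_id and my $row = $store->load($cookie_id)) {
        ($id, $data, $orig_sig) = ($cookie_id, {%$row}, sig($row));
    }
    if (!$data and !$guarded) {
        # Eager read: touching the session creates a new, empty one.
        ($id, $data) = (new_id(), {});
    }
    my $language = ($data && $data->{language}) || 'en';
    # End of request: write when the session is new or its signature changed.
    $store->save($id, $data)
        if $data and (!defined $orig_sig or sig($data) ne $orig_sig);
    return $language;
}

for my $guarded (0, 1) {
    my $store = ToyStore->new;
    $store->save('known', { language => 'de' });    # constructed existing session
    my $before = $store->{writes};
    my $lang = handle_request($store, 'known', $guarded);    # unchanged: no write
    handle_request($store, undef, $guarded) for 1 .. 1000;   # cookie-less traffic
    printf "%-7s read: language=%s, %d rows written by 1000 cookie-less requests\n",
        $guarded ? 'guarded' : 'eager', $lang, $store->{writes} - $before;
}
```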
