On Tue, Mar 2, 2010 at 12:43 PM, Steve Kleiman <st...@prodhub.com> wrote:

> Using Catalyst::Plugin::Session with Session::State::Cookie.
>
> Would like to be able to poll server if the user's session has expired
> WITHOUT extending the session itself.
>
> The objective is to have a javascript periodical executor check if a
> session is expired and redirect user to a "Your session has expired" page if
> appropriate. Could do it in javascript but would prefer doing it on server.
>
> Anyone tried this?
>

Yes, and here's a story from a month back.  Our automated testing was
randomly failing where all of a sudden the browser ended up at the login
page as if the session had expired.

After a bit of wasted developer time debugging, it turned out that
the test process had gone to a page that spawned a second browser window and
that window was doing periodic AJAX requests to test if the session was
alive.  After spawning the window the main test window had continued and
completed a test, then logged out and logged back in again with a new
session ID and started another test pass.

Then, some minutes later, the other window fired off the AJAX request
explicitly testing the old session ID via a query parameter.  It was no
longer valid so the application created a new session id and set the cookie,
which of course, reset the cookie for the entire browser.  Then the tests
that were running hit a page that required authorization in the session and
redirected to the login page.

The developer explained that the AJAX session check was needed to prevent a
user from making a lot of changes in the client that could not be saved due
to an expired session.  Not sure I see the logic there.

Anyway -- the point is that you have to think about the possibility of an
orphaned window sending off requests.




-- 
Bill Moseley
mose...@hank.org
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
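
A small model of the failure described in the message above, added here as an illustration and not code from the thread or from Catalyst. It replays the orphaned-window poll against an ordinary session-handling request and against a read-only status check; the in-memory store, the 600-second lifetime and all function names are assumptions.

```javascript
// Constructed model of the story above; not Catalyst code, all names hypothetical.
const TTL = 600; // assumed session lifetime in seconds

function makeServer() {
  const sessions = new Map(); // session id -> { user, expires }
  let counter = 0;
  const create = (user, now) => {
    const id = `sid${++counter}`;
    sessions.set(id, { user, expires: now + TTL });
    return id;
  };
  const live = (id, now) => {
    const s = sessions.get(id);
    return s && s.expires > now ? s : null;
  };
  return {
    login: (user, now) => ({ setCookie: create(user, now) }),
    logout: (id) => sessions.delete(id),
    expiresAt: (id) => sessions.get(id)?.expires,
    // Ordinary request: extends a live session; for a dead id it starts a
    // fresh anonymous session and sets the cookie, as in the story.
    page(id, now) {
      const s = live(id, now);
      if (s) { s.expires = now + TTL; return { user: s.user }; }
      return { user: null, setCookie: create(null, now) };
    },
    // Read-only check: never touches expiry, never creates a session,
    // never sets a cookie.
    status(id, now) {
      const s = live(id, now);
      return { alive: Boolean(s), secondsLeft: s ? s.expires - now : 0 };
    },
  };
}

// Replay: the orphaned window polls with the old id after the main window
// has logged out and back in. pollWith is 'page' or 'status'.
function replay(pollWith) {
  const server = makeServer();
  const jar = {}; // one cookie jar shared by every window of the browser
  const apply = (res) => { if (res.setCookie) jar.sid = res.setCookie; return res; };
  apply(server.login('tester', 0));
  const orphanSid = jar.sid; // the spawned window remembers this id
  server.logout(jar.sid);
  apply(server.login('tester', 60)); // main window now holds a new session
  const poll = apply(server[pollWith](orphanSid, 300)); // orphan fires later
  const next = apply(server.page(jar.sid, 310)); // main window carries on
  return { cookieReset: Boolean(poll.setCookie), cookie: jar.sid, mainUser: next.user };
}
```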
