Furthermore, I just looked at my database logs and saw that a mere read-access of a session is enough to trigger a writing of the session data to the session store.

This is wrong, as well.

On 03/03/2013 07:44 PM, David Golden wrote:
context->destroy_session

There is a "bug" in the sense that sessions are instantiated as soon
as you request them.  So the mere fact that you check
session("logged_in") or whatever creates a new session if none exists.

This is issue #155 in github.  Ideally sessions would only be
instantiated when a value is set.

David

On Sun, Mar 3, 2013 at 11:49 AM, Punter <[email protected]> wrote:
Plus there's no session->destroy method, so how can I log out a user
properly?



On 03/03/2013 06:02 PM, Punter wrote:

What if a website's ethical policy is that it doesn't track users after
they've logged-out?

How can it prove that to the users, if it installs a new cookie then?


On 03/03/2013 05:55 PM, Rik Brown wrote:

That sounds like it's working correctly. You got a new empty session and
a cookie for it. I don't think it's expected that you won't get a cookie
if your session is empty.

Cheers,
Rik

Sent from my phone.

On 3 Mar 2013 15:53, "Punter" <[email protected]> wrote:

     Ok.

     I went to the Database and deleted the session for which I had a
     cookie, and next time I loaded a page I got ANOTHER cookie, for a
     new (empty) session.

     This, I believe, is a bug.

     On 03/03/2013 01:42 PM, David Precious wrote:

         On Sun, 03 Mar 2013 02:29:47 +0200
         Punter <[email protected]> wrote:

             Now whenever I do any page view, I get a "this website
             wants to set a cookie" message.

             It shouldn't be like that. If cookie values don't change,
             then they should only be set once.


         Except that, if you don't send the Set-Cookie header again each
         time, the cookie's expiration can't be updated - most people want
         a session expiry to be extended with each request, so it times
         out the right amount of time after the last request, rather than
         the last time the session data was updated.

         I think this is quite common and correct behaviour.


     _________________________________________________
     dancer-users mailing list
     [email protected] <mailto:[email protected]>
     http://lists.preshweb.co.uk/__mailman/listinfo/dancer-users
<http://lists.preshweb.co.uk/mailman/listinfo/dancer-users>
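
The behaviours discussed in this thread (no session on a mere read, a refreshed Set-Cookie for sliding expiry, and a logout that leaves no new cookie behind), as an added example that is not part of the original messages and is not Dancer's code. It is a framework-independent Python model; the class `LazySessions`, its `handle` method, the cookie name `session` and the 1800-second lifetime are assumptions made for illustration.

```python
import secrets

TTL = 1800  # session lifetime in seconds (constructed value)
ATTRS = "Path=/; HttpOnly; Secure; SameSite=Lax"


class LazySessions:
    """Hypothetical session layer for illustration; not Dancer's code."""

    def __init__(self):
        self.store = {}       # sid -> {"data": {...}, "expires": float}
        self.data_writes = 0  # how often session data was written

    def handle(self, sid, op, key=None, value=None, now=0.0):
        """Handle one request; return (result, Set-Cookie value or None)."""
        rec = self.store.get(sid)
        if rec is not None and rec["expires"] <= now:
            del self.store[sid]  # expired server-side: treat as absent
            rec = None
        if op == "destroy":
            # Logout: drop server state, expire the client's cookie,
            # and issue no replacement id.
            self.store.pop(sid, None)
            return None, (f"session=; Max-Age=0; {ATTRS}" if sid else None)
        result = rec["data"].get(key) if rec else None
        if op == "write":
            if rec is None:
                # First stored value: only now is an id issued. It is always
                # fresh, never the id the client sent (avoids fixation).
                sid = secrets.token_urlsafe(32)
                rec = self.store[sid] = {"data": {}, "expires": 0.0}
            rec["data"][key] = result = value
            self.data_writes += 1
        if rec is None:
            return result, None  # read with no session: no cookie, no write
        rec["expires"] = now + TTL  # sliding expiry on every request
        return result, f"session={sid}; Max-Age={TTL}; {ATTRS}"
```

A read on an existing session still returns a Set-Cookie value so the expiry slides, but it does not count as a write of session data.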


