Hi Graham, Thanks for giving me the opportunity to describe what I need to achieve. Here is what I can glean from my recent trail of breadcrumbs:
1. Configure the session cookie to be deleted when a browser is restarted, regardless of the session expiry. 2. Ability to utilize a session without renewing the expiry, and preferably have this controlled by the request so that the same url can either case the session to be renewed or not, and the client code can make that decision. 3. Have session expiry value exposed to cgi application, similar to HTTP_SESSION 4. Have a session cookie be immediately removed. (new) 5. Have a session be available if it already exists, but not be created if it does not yet exist. More specifically, don't create a session or session cookie if there is not already a session cookie. (new) 6. Solve the "double login problem" with mod_auth_session, in which attempting to log in with an expired session requires two login attempts for success. 7. Solve the "changed encryption key" problem, in which a changed SessionCryptoPassphrase does not cause a session encrypted with the old key to be replaced, thus preventing the use of the session. I can provide more details. So far I have solutions to all of these, but certainly may have gone about it the wrong way. Thanks again, Erik. On Fri, Jan 31, 2014 at 2:16 AM, Graham Leggett <minf...@sharp.fm> wrote: > On 30 Jan 2014, at 7:01 PM, Erik Pearson <e...@adaptations.com> wrote: > > On this specific sub-thread, you chose to single out a single topic. When > you asked "I'm not following the problem you're trying to solve.", I > chose to list the number of enhancements and bugs that I've encountered > over a few days of working on the mod_session and friends code. I'm sorry, > I didn't mean that to be taken as piling on, but merely to show that I've > thought and worked hard on this issue, that my concerns are not trivial, > and that this single issue (where the "name" for a session is configured) > is just one small part of a larger puzzle. > > > The trouble is you've described various technical changes you want to > make, but you haven't described in any way the problem you're trying to > solve. > > You hinted at one - the ability to access the session but without > refreshing it, for example during ajax calls. You'll very likely find what > you want to achieve is very simple, but until we know what you want to > achieve, we can't help you. > > Regards, > Graham > -- > > -- Erik Pearson Adaptations ;; web form and function
