On Feb 7, 2008, at 2:41 PM, Perrin Harkins wrote:
Sure, it's a building block. You build the expiration part on top of
it. Either you use a timestamp column in your database or you update
a timestamp in the session data. Then you check that to see if too
much time has passed.
You can certainly build it on something else, like CHI (the new cache
module interface). Or look at Apache::SessionManager or mod_auth_tkt
for built-in support.
I do the timestamp trick..
you overload apache::session to add a 'last accessed' timestamp
then you do one of 2 things:
a- write a daemon/cronjob/@job to clear old sessions
b- have your apache module run a session-clear every 1hr or so
( storing last-cleared on a file or memcache )
it's easy to do.
