On Thu, Feb 14, 2008 at 2:01 AM, titetluc titetluc <[EMAIL PROTECTED]> wrote:
> All of these modules propose an expiration mechanism, but they do not
> propose a mechanism to automatically destroy session at expiration (this is
> what I call a "callback" mechanism).
> This implies that the session destruction has to be called explicitly.
No, mod_auth_tkt simply uses cookies so there is nothing to destroy,
CHI will automatically stop returning expired data,
Apache::SessionManager will automatically stop returning expired
sessions. No explicit checks are required. The only suggestion that
requires you to check if a session is expired is storing a timestamp
in a session yourself.
> For example,
> session_create(inactivity => 30, callback => sub{print "Session
> automagically destroyed";})
>
> There would be no need to call a session_delete function !!
What is it that you're concerned about here? Do you have code that
you need to run when a session expires? Or are you just worried about
running out of disk space?
- Perrin
