On Thu, Feb 14, 2008 at 2:01 AM, titetluc titetluc <[EMAIL PROTECTED]> wrote: > All of these modules propose an expiration mechanism, but they do not > propose a mechanism to automatically destroy session at expiration (this is > what I call a "callback" mechanism). > This implies that the session destruction has to be called explicitly.
No, mod_auth_tkt simply uses cookies so there is nothing to destroy, CHI will automatically stop returning expired data, Apache::SessionManager will automatically stop returning expired sessions. No explicit checks are required. The only suggestion that requires you to check if a session is expired is storing a timestamp in a session yourself. > For example, > session_create(inactivity => 30, callback => sub{print "Session > automagically destroyed";}) > > There would be no need to call a session_delete function !! What is it that you're concerned about here? Do you have code that you need to run when a session expires? Or are you just worried about running out of disk space? - Perrin