> In previous versions of webware (0.8.1), when a session expires the
> method Application.handleInvalidSession() was called, which basically
> removes the _SID_ reference so the browser will stop requesting an
> invalid session, and marks request._sessionExpired. So, I could ask
> for the variable request._sessionExpired to realize whether or not
> this request originally contained an expired session. ...
> Now, in webware 0.9.1, the method Application.handleInvalidSession()
> has disappear and no one updates the _sessionExpired attribute of the
You're right. I found that Application.handleInvalidSession() was
removed in March 2003 when Ian made a big rewrite of the Application
module putting things into URLParser, Request and Response. It seems he
forgot to reimplement handleInvalidSession().
The method isSessionExpired() returning the attribute _sessionExpired is
still there, but it is not set anywhere.
Also, I found that the 'IgnoreInvalidSession' setting is not evaluated
at all thought it is still documented in the config guide. The intent
was that you get an error when this parameter is set to True, otherwise
you have to check isSessionExpired() on your own. However, sessions are
now always silently recreated when they expire. Neither _sessionExpired
is set nor an error page is returned.
I have just checked in a small patch for setting _sessionExpired again.
I will also try to reimplement returning an error page for expired
sessions if IgnoreInvalidSession=False (the default is True). Maybe
instead of sending an error page, we should simply send a 408 Request