Re: [Cgi-session-user] Regarding session expiry

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Note that I am not using the most current CGI::Session (using v4.14),
but I may have an idea about what is going on.

I tried duplicating Jahangir Mohammed's sample code on my web server,
and noticed that the load method seemed to be returning an unexpired
but empty session after the session expired.  I.e., got an unexpired
empty session the first run through, then got a real session if reloaded
before the expiry, but after waiting til the expiration clearly passed, 
load returned an unexpired but empty session.

Following Mark Stosberg's request for a Test::More style script, I
adapted my code and was surprised to find it passed everything without
problem.

I think the "issue" is that when CGI::Session header method creates its
cookie, it sets an expiration time on the cookie based on the session
expiry.  Which means that when I reload the page after waiting
for the expiration period to pass, the cookie in my browser should have
also expired.  The load method doesn't get a session id from the cookie
(at least if my browser if behaving properly), and so does not connect
my http request with the expired session but creates a new empty
session.  The standalone test script did not use cookies,  and so did
not have this problem.  The web based script worked as expected
(acknowledged the session as expired) when the session id passed as
a GET parameter.  Similarly worked as expected when I baked my own
cookie without the expiry and rolled my own header (simply following the
formula in the header method portion of the POD) 

I am not sure if this constitutes a bug, but the example code in the POD
for testing for expired sessions with load (which is what my and
Jahangir Mohammed's code seemed to be based on), is somewhat erroneous
because it used the CGI::Session header method, which sets the expiry on
the cookie.

-- 
Tom Payerle
Dept of Physics                         pa...@ph...
University of Maryland                  (301) 405-6973
College Park, MD 20742-4111             Fax: (301) 314-9525