Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Catalyst: Users

Extending session expiry time?

 

 

Catalyst users RSS feed   Index | Next | Previous | View Threaded


jester at panix

Feb 16, 2012, 10:13 AM

Post #1 of 6 (328 views)
Permalink
Extending session expiry time?

Using Catalyst::Plugin::Session, is there any way to extend a session
_longer_ than the expiry time I give in my conf file? The docs for
session_expire_key say it's only useful if _shorter_ than the default
expiry time.

The situation I'm trying to solve is basically that I have an app with
local and external users, and I'd like to make it so that users on the
internal network have permanent cookies, and thus don't have to re-login
all the time, but outside users have their sessions expire in an hour.

I suppose I could just set an infinite expiration in my conf file, and
then use session_expire_key to shorten the sessions for external users,
but that seems like the reverse of what I really want, which is to give
more rights to one group, not to give less rights to another.

Jesse Sheidlower

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/


paolino.gianrossi at gmail

Feb 16, 2012, 11:42 AM

Post #2 of 6 (318 views)
Permalink
Re: Extending session expiry time? [In reply to]

Hi Jesse,
what I do is (blatantly taken from CatalystX::SimpleLogin source)
something like

# in Login controller, and action login

my $parms = $c->request->body_parameters;

if ($c->authenticate({ username => $parms->{username},
password => $parms->{password}} )) {
$c->extend_session_expires(999999999999) if
$c->request->address =~ m/^192\.168/g; #or whatever way to determine local
network...
$c->response->redirect($c->uri_for_action('whatever/action'));
}
#....


HTH!

cheers
paolino

--
Paolo Gianrossi

(An unmatched left parenthesis
creates an unresolved tension
that will stay with you all day
-- xkcd



2012/2/16 Jesse Sheidlower <jester [at] panix>

>
> Using Catalyst::Plugin::Session, is there any way to extend a session
> _longer_ than the expiry time I give in my conf file? The docs for
> session_expire_key say it's only useful if _shorter_ than the default
> expiry time.
>
> The situation I'm trying to solve is basically that I have an app with
> local and external users, and I'd like to make it so that users on the
> internal network have permanent cookies, and thus don't have to re-login
> all the time, but outside users have their sessions expire in an hour.
>
> I suppose I could just set an infinite expiration in my conf file, and
> then use session_expire_key to shorten the sessions for external users,
> but that seems like the reverse of what I really want, which is to give
> more rights to one group, not to give less rights to another.
>
> Jesse Sheidlower
>
> _______________________________________________
> List: Catalyst [at] lists
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst [at] lists/
> Dev site: http://dev.catalyst.perl.org/
>


jester at panix

Feb 17, 2012, 2:54 AM

Post #3 of 6 (314 views)
Permalink
Re: Extending session expiry time? [In reply to]

On Thu, Feb 16, 2012 at 08:42:09PM +0100, Paolo Gianrossi wrote:
> Hi Jesse,
> what I do is (blatantly taken from CatalystX::SimpleLogin source)
> something like
>
> # in Login controller, and action login
>
> my $parms = $c->request->body_parameters;
>
> if ($c->authenticate({ username => $parms->{username},
> password => $parms->{password}} )) {
> $c->extend_session_expires(999999999999) if
> $c->request->address =~ m/^192\.168/g; #or whatever way to determine local
> network...
> $c->response->redirect($c->uri_for_action('whatever/action'));
> }
> #....

I'm afraid that this did not work. I did test to make sure the IP
address was being correctly matched, so I know that the
$c->extend_session_expires(999999999999) was executed. But the affected
users still had to log in after an hour of non-use.

Any other session experts have a thought?

Jesse Sheidlower

>
> HTH!
>
> cheers
> paolino
>
> --
> Paolo Gianrossi
>
> (An unmatched left parenthesis
> creates an unresolved tension
> that will stay with you all day
> -- xkcd
>
>
>
> 2012/2/16 Jesse Sheidlower <jester [at] panix>
>
> >
> > Using Catalyst::Plugin::Session, is there any way to extend a session
> > _longer_ than the expiry time I give in my conf file? The docs for
> > session_expire_key say it's only useful if _shorter_ than the default
> > expiry time.
> >
> > The situation I'm trying to solve is basically that I have an app with
> > local and external users, and I'd like to make it so that users on the
> > internal network have permanent cookies, and thus don't have to re-login
> > all the time, but outside users have their sessions expire in an hour.
> >
> > I suppose I could just set an infinite expiration in my conf file, and
> > then use session_expire_key to shorten the sessions for external users,
> > but that seems like the reverse of what I really want, which is to give
> > more rights to one group, not to give less rights to another.
> >
> > Jesse Sheidlower

_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/


mitakaa at gmail

Feb 17, 2012, 3:03 AM

Post #4 of 6 (315 views)
Permalink
Re: Extending session expiry time? [In reply to]

As far as I know that feature is broken..
you can check the bug here:
https://rt.cpan.org/Public/Bug/Display.html?id=59595

What I usually do is after the login is successful I add:
$c->session->{remember} = 1 if $c->req->param('remember');

and then in MyApp.pm I override calculate_extended_session_expires like
that:

sub calculate_extended_session_expires {
my ($c, $prev) = @_;

if ($c->session->{remember_me}) {
return time() + 31536000;
}
else {
return $c->NEXT::calculate_extended_session_expires($prev);
}
}

That's working but I get some warnings that using NEXT:: is deprecated so
you probably could use some method modifier.

Cheers,
Dimitar

On Fri, Feb 17, 2012 at 11:54 AM, Jesse Sheidlower <jester [at] panix> wrote:

> On Thu, Feb 16, 2012 at 08:42:09PM +0100, Paolo Gianrossi wrote:
> > Hi Jesse,
> > what I do is (blatantly taken from CatalystX::SimpleLogin source)
> > something like
> >
> > # in Login controller, and action login
> >
> > my $parms = $c->request->body_parameters;
> >
> > if ($c->authenticate({ username => $parms->{username},
> > password => $parms->{password}} )) {
> > $c->extend_session_expires(999999999999) if
> > $c->request->address =~ m/^192\.168/g; #or whatever way to determine
> local
> > network...
> >
> $c->response->redirect($c->uri_for_action('whatever/action'));
> > }
> > #....
>
> I'm afraid that this did not work. I did test to make sure the IP
> address was being correctly matched, so I know that the
> $c->extend_session_expires(999999999999) was executed. But the affected
> users still had to log in after an hour of non-use.
>
> Any other session experts have a thought?
>
> Jesse Sheidlower
>
> >
> > HTH!
> >
> > cheers
> > paolino
> >
> > --
> > Paolo Gianrossi
> >
> > (An unmatched left parenthesis
> > creates an unresolved tension
> > that will stay with you all day
> > -- xkcd
> >
> >
> >
> > 2012/2/16 Jesse Sheidlower <jester [at] panix>
> >
> > >
> > > Using Catalyst::Plugin::Session, is there any way to extend a session
> > > _longer_ than the expiry time I give in my conf file? The docs for
> > > session_expire_key say it's only useful if _shorter_ than the default
> > > expiry time.
> > >
> > > The situation I'm trying to solve is basically that I have an app with
> > > local and external users, and I'd like to make it so that users on the
> > > internal network have permanent cookies, and thus don't have to
> re-login
> > > all the time, but outside users have their sessions expire in an hour.
> > >
> > > I suppose I could just set an infinite expiration in my conf file, and
> > > then use session_expire_key to shorten the sessions for external users,
> > > but that seems like the reverse of what I really want, which is to give
> > > more rights to one group, not to give less rights to another.
> > >
> > > Jesse Sheidlower
>
> _______________________________________________
> List: Catalyst [at] lists
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst [at] lists/
> Dev site: http://dev.catalyst.perl.org/
>


mitakaa at gmail

Feb 17, 2012, 3:42 AM

Post #5 of 6 (315 views)
Permalink
Re: Extending session expiry time? [In reply to]

Actually I've just checked the repository and seems that this bug is fixed:

http://dev.catalystframework.org/svnweb/Catalyst/revision?rev=14068

Could you confirm that you are using the latest C::P::Session and
extend_session_expires does not extend the session?

Cheers,
Dimitar

On Fri, Feb 17, 2012 at 12:03 PM, Dimitar Petrov <mitakaa [at] gmail> wrote:

> As far as I know that feature is broken..
> you can check the bug here:
> https://rt.cpan.org/Public/Bug/Display.html?id=59595
>
> What I usually do is after the login is successful I add:
> $c->session->{remember} = 1 if $c->req->param('remember');
>
> and then in MyApp.pm I override calculate_extended_session_expires like
> that:
>
> sub calculate_extended_session_expires {
> my ($c, $prev) = @_;
>
> if ($c->session->{remember_me}) {
> return time() + 31536000;
> }
> else {
> return $c->NEXT::calculate_extended_session_expires($prev);
> }
> }
>
> That's working but I get some warnings that using NEXT:: is deprecated so
> you probably could use some method modifier.
>
> Cheers,
> Dimitar
>
> On Fri, Feb 17, 2012 at 11:54 AM, Jesse Sheidlower <jester [at] panix>wrote:
>
>> On Thu, Feb 16, 2012 at 08:42:09PM +0100, Paolo Gianrossi wrote:
>> > Hi Jesse,
>> > what I do is (blatantly taken from CatalystX::SimpleLogin source)
>> > something like
>> >
>> > # in Login controller, and action login
>> >
>> > my $parms = $c->request->body_parameters;
>> >
>> > if ($c->authenticate({ username => $parms->{username},
>> > password => $parms->{password}} )) {
>> > $c->extend_session_expires(999999999999) if
>> > $c->request->address =~ m/^192\.168/g; #or whatever way to determine
>> local
>> > network...
>> >
>> $c->response->redirect($c->uri_for_action('whatever/action'));
>> > }
>> > #....
>>
>> I'm afraid that this did not work. I did test to make sure the IP
>> address was being correctly matched, so I know that the
>> $c->extend_session_expires(999999999999) was executed. But the affected
>> users still had to log in after an hour of non-use.
>>
>> Any other session experts have a thought?
>>
>> Jesse Sheidlower
>>
>> >
>> > HTH!
>> >
>> > cheers
>> > paolino
>> >
>> > --
>> > Paolo Gianrossi
>> >
>> > (An unmatched left parenthesis
>> > creates an unresolved tension
>> > that will stay with you all day
>> > -- xkcd
>> >
>> >
>> >
>> > 2012/2/16 Jesse Sheidlower <jester [at] panix>
>> >
>> > >
>> > > Using Catalyst::Plugin::Session, is there any way to extend a session
>> > > _longer_ than the expiry time I give in my conf file? The docs for
>> > > session_expire_key say it's only useful if _shorter_ than the default
>> > > expiry time.
>> > >
>> > > The situation I'm trying to solve is basically that I have an app with
>> > > local and external users, and I'd like to make it so that users on the
>> > > internal network have permanent cookies, and thus don't have to
>> re-login
>> > > all the time, but outside users have their sessions expire in an hour.
>> > >
>> > > I suppose I could just set an infinite expiration in my conf file, and
>> > > then use session_expire_key to shorten the sessions for external
>> users,
>> > > but that seems like the reverse of what I really want, which is to
>> give
>> > > more rights to one group, not to give less rights to another.
>> > >
>> > > Jesse Sheidlower
>>
>> _______________________________________________
>> List: Catalyst [at] lists
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst [at] lists/
>> Dev site: http://dev.catalyst.perl.org/
>>
>
>


jester at panix

Feb 17, 2012, 6:59 AM

Post #6 of 6 (321 views)
Permalink
Re: Extending session expiry time? [In reply to]

I can confirm that with the latest C::P::Session, using
extend_session_expires in the login method _does not work_. However,
using your kludge of overriding calculate_extended_session_expires in
MyApp.pm _does_ work.

So I at least have a way to get it going for now, but it would be nice
to figure out how to get extend_session_expires to work directly.

Jesse

On Fri, Feb 17, 2012 at 12:42:51PM +0100, Dimitar Petrov wrote:
> Actually I've just checked the repository and seems that this bug is fixed:
>
> http://dev.catalystframework.org/svnweb/Catalyst/revision?rev=14068
>
> Could you confirm that you are using the latest C::P::Session and
> extend_session_expires does not extend the session?
>
> Cheers,
> Dimitar
>
> On Fri, Feb 17, 2012 at 12:03 PM, Dimitar Petrov <mitakaa [at] gmail> wrote:
>
> > As far as I know that feature is broken..
> > you can check the bug here:
> > https://rt.cpan.org/Public/Bug/Display.html?id=59595
> >
> > What I usually do is after the login is successful I add:
> > $c->session->{remember} = 1 if $c->req->param('remember');
> >
> > and then in MyApp.pm I override calculate_extended_session_expires like
> > that:
> >
> > sub calculate_extended_session_expires {
> > my ($c, $prev) = @_;
> >
> > if ($c->session->{remember_me}) {
> > return time() + 31536000;
> > }
> > else {
> > return $c->NEXT::calculate_extended_session_expires($prev);
> > }
> > }
> >
> > That's working but I get some warnings that using NEXT:: is deprecated so
> > you probably could use some method modifier.
> >
> > Cheers,
> > Dimitar
> >
> > On Fri, Feb 17, 2012 at 11:54 AM, Jesse Sheidlower <jester [at] panix>wrote:
> >
> >> On Thu, Feb 16, 2012 at 08:42:09PM +0100, Paolo Gianrossi wrote:
> >> > Hi Jesse,
> >> > what I do is (blatantly taken from CatalystX::SimpleLogin source)
> >> > something like
> >> >
> >> > # in Login controller, and action login
> >> >
> >> > my $parms = $c->request->body_parameters;
> >> >
> >> > if ($c->authenticate({ username => $parms->{username},
> >> > password => $parms->{password}} )) {
> >> > $c->extend_session_expires(999999999999) if
> >> > $c->request->address =~ m/^192\.168/g; #or whatever way to determine
> >> local
> >> > network...
> >> >
> >> $c->response->redirect($c->uri_for_action('whatever/action'));
> >> > }
> >> > #....
> >>
> >> I'm afraid that this did not work. I did test to make sure the IP
> >> address was being correctly matched, so I know that the
> >> $c->extend_session_expires(999999999999) was executed. But the affected
> >> users still had to log in after an hour of non-use.
> >>
> >> Any other session experts have a thought?
> >>
> >> Jesse Sheidlower
> >>
> >> >
> >> > HTH!
> >> >
> >> > cheers
> >> > paolino
> >> >
> >> > --
> >> > Paolo Gianrossi
> >> >
> >> > (An unmatched left parenthesis
> >> > creates an unresolved tension
> >> > that will stay with you all day
> >> > -- xkcd
> >> >
> >> >
> >> >
> >> > 2012/2/16 Jesse Sheidlower <jester [at] panix>
> >> >
> >> > >
> >> > > Using Catalyst::Plugin::Session, is there any way to extend a session
> >> > > _longer_ than the expiry time I give in my conf file? The docs for
> >> > > session_expire_key say it's only useful if _shorter_ than the default
> >> > > expiry time.
> >> > >
> >> > > The situation I'm trying to solve is basically that I have an app with
> >> > > local and external users, and I'd like to make it so that users on the
> >> > > internal network have permanent cookies, and thus don't have to
> >> re-login
> >> > > all the time, but outside users have their sessions expire in an hour.
> >> > >
> >> > > I suppose I could just set an infinite expiration in my conf file, and
> >> > > then use session_expire_key to shorten the sessions for external
> >> users,
> >> > > but that seems like the reverse of what I really want, which is to
> >> give
> >> > > more rights to one group, not to give less rights to another.
> >> > >
> >> > > Jesse Sheidlower
> >>
> >> _______________________________________________
> >> List: Catalyst [at] lists
> >> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> >> Searchable archive:
> >> http://www.mail-archive.com/catalyst [at] lists/
> >> Dev site: http://dev.catalyst.perl.org/
> >>
> >
> >

> _______________________________________________
> List: Catalyst [at] lists
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
> Dev site: http://dev.catalyst.perl.org/


_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/

Catalyst users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.