> > It's fairly simple to track user login now. You can have an automatic > ping from the browser to the server that updates the session time. > Just put it in your template wrappers so you have some simple request > (even something like an action that renders an image, and a javascript > timer that reloads that image every X number of seconds). > > That way you can set your lockout time to a ridiculously low level so > the user doesn't have to wait for the session to clear. >
True, assuming you can count on javascript to be enabled on the client (you control the client software/settings, or don't care to support users that, either by choice, or cooperate policy can't enable js) and take the extra hits on your server(s) and db/session store for each idle client. Even with web 2.0 around there are still quite a few users that will not run js. > I think the points about the problem are perfectly valid though, it's > a hard problem to solve right, because "right" is very use case > specific and the protocol itself is the problem. Yep, all "solutions" have trade offs. If someone knows one that fits all I would be more then interested in hearing about it. _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
