On Mon, Dec 29, 2008 at 06:10:34PM +0000, Tomas Doran wrote:
>
> Session handling could do with refactoring as-per the authentication
> plugins, so that the store and state were not plugins themselves, this
> would make things a lot 'nicer'.
>
> However, in the shorter term, providing people with a way to change the
> default behaviors would go a long way.

I'll try and find some time to look at it.

There are other issues -- I've had a few problems with the session code over time, and discussed often with nothingmuch and posted a few orphaned patches. Two I just came across in the last week are it throwing an exception on invalid session id (instead of just ignoring like a missing one), and the "cookie_secure" feature that indeed sets the cookie as "secure" but doesn't prevent it from being sent in a non-SSL session back to the client, kind of defeating the purpose.

--
Bill Moseley
[email protected]
Sent from my iMutt
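
The two behaviours described in the message above, sketched as an added example that is not part of the original post and is not Catalyst or session-plugin code. The sub names `session_id_from_cookie` and `session_set_cookie`, the 40-hex-character id format and the sample requests are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumed id format for this sketch: 40 lowercase hex characters.
sub session_id_from_cookie {
    my ($raw) = @_;
    # A malformed id is treated like a missing cookie: return undef, no die.
    return undef unless defined $raw && $raw =~ /\A[0-9a-f]{40}\z/;
    return $raw;
}

# Build the Set-Cookie value for a response, or undef to send none.
sub session_set_cookie {
    my (%arg) = @_;
    return undef unless defined $arg{sid};
    # The Secure attribute only stops the browser from returning the cookie
    # over plain HTTP. The server must also withhold it on a non-TLS response,
    # otherwise the session id still crosses the wire in clear text.
    return undef if $arg{secure_only} && !$arg{is_tls};
    my $value = "session=$arg{sid}; Path=/; HttpOnly";
    $value .= '; Secure' if $arg{secure_only};
    return $value;
}

# Constructed sample requests: [label, raw cookie value, is_tls]
my $sid   = 'a' x 40;
my @cases = (
    [ 'TLS, valid id',      $sid,               1 ],
    [ 'plain HTTP, valid',  $sid,               0 ],
    [ 'TLS, malformed id',  'not-a-session-id', 1 ],
    [ 'TLS, no cookie',     undef,              1 ],
);

for my $case (@cases) {
    my ($label, $raw, $is_tls) = @$case;
    my $id     = session_id_from_cookie($raw);
    my $header = session_set_cookie(sid => $id, secure_only => 1, is_tls => $is_tls);
    printf "%-20s valid-id=%-3s set-cookie=%s\n",
        $label, defined $id ? 'yes' : 'no', $header // '(none)';
}
```

Only the first case produces a `Set-Cookie` value; the plain-HTTP case and both cases without a usable id produce none, and none of them raises an exception.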
