Persistent sessions
Ron Garret
ron at flownet.com
Fri Feb 14 18:05:16 UTC 2014
Huh??? The last click time is just a slot in the session object. It has nothing to do with the session ID or the cookie.
On Feb 14, 2014, at 9:44 AM, peter <p2.edoc at gmail.com> wrote:
> Given that the cookie is the product of md5-hexing the raw composite
> cookie data (in encode-session-string), there's no way to get the
> initial click (creation) time of the session (which is needed in
> order to ascertain whether the session has expired
> (session-too-old-p)).
>
> So presumably, like the session-ID, we'll need to carry the session
> start time externally (outside the md5-hexed part of the cookie).
>
> Are we thinking along the same rg?
>
> I'm puzzled that session persistence isn't a common requirement of hunchentoot.
>
> -peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20140214/011b9790/attachment.sig>
More information about the Tbnl-devel
mailing list