in reply to Re^6: CGI::Session session expiration problems
in thread CGI::Session session expiration problems

From looking at CGI::Session::load, this looks valid and your sessions shouldn't expire:

    # checking for expiration ticker
    if ( $self->{_DATA}->{_SESSION_ETIME} ) {
        if ( ($self->{_DATA}->{_SESSION_ATIME} + $self->{_DATA}->{_SES
+SION_ETIME}) <= time() ) {
            $self->_set_status( STATUS_EXPIRED |    # <-- so client ca
+n detect expired sessions
                                STATUS_DELETED );   # <-- session shou
+ld be removed from database
            $self->flush();                         # <-- flush() will
+ do the actual removal!
            return $self;
        }
    }

[download]

This is largely the only mention of STATUS_EXPIRED. So, you will need to post a self-contained example that fails, and then likely report this as a bug. Or maybe your check for whether a session is expired is wrong, or you have two machines which create/check sessions and their system clocks are at least 15 minutes apart.

Replies are listed 'Best First'.
Re^8: CGI::Session session expiration problems
by speckled (Novice) on Jan 16, 2009 at 10:49 UTC
    Oh well, even if the manual says:
      Note: all the expiration times are relative to session's last access time, not to its creation time. To expire a session immediately, call delete(). To expire a specific session parameter immediately, call clear($name).

    ... it really wasn't quite like that for me. Maybe a bug ;P
    Anyway, I got it working by expiring a parameter; this way the session is stil valid but the parameter expires and you can call login if $s->param('login_param') is not set. When calling login one can do a $s->delete() and $s->flush() to clean the session database.
[reply]

In Section Seekers of Perl Wisdom