[ic] Addition of CookieExpire

Davor Ocelic docelic at hcoop.net
Wed Jun 25 17:57:56 UTC 2008

On Wed, 25 Jun 2008 10:34:39 -0600 (MDT)
Jon Jensen <jon at endpoint.com> wrote:

> On Tue, 24 Jun 2008, Davor Ocelic wrote:
> > Sites like Amazon etc. support 'resuming' your session even after
> > you close the browser.
> >
> > Here's a simple patch that would add this functionality to
> > Interchange.
> >
> > When you set the new CookieExpire directive in the config file,
> > then session cookies are created with expiration date = time() + 
> > CookieExpire, instead of at the end of session.
> >
> > This allows you to 'resume' your session in that timeframe. As the
> > date in the cookie is not updated after initial cookie creation,
> > the session *would* eventually expire (in time() + SessionExpire
> > after session creation).
> It would be good to have a simple way to do this.
> I have done this in the past with an Autoload that calls a globalsub
> like this:
>      $Vend::Expire = time() + (86400 * 14);  # 2 weeks
> $Vend::Expire is already designed to handle this, but there's no 
> configuration directive for setting it. Should we consider having the 
> directive set that instead of a new variable?

I thought having both the variable and $Vend::Expire can in fact be

For example, the problem with CookiExpire (new directive) is that it
doesn't update cookie expire time. So if you set initial expire time
to  t + 1 month, and you re-visit the site 15 minutes before expiry,
in 15 minutes your session would break even if you were normally
browsing the site.

So current SaveExpire setting could be used to set $Vend::Expire and
modify session cookie (with mv_session_save) *only* if it would prolong
expiry time already saved in the cookie.

That way it would solve this only rough edge I found with
new CookieExpire.

Let me what you think as this cookie business isn't straightforward
at all when you look into the code.


More information about the interchange-users mailing list