use namespace::clean -except => 'meta';
-our $VERSION = '0.29';
+our $VERSION = '0.31';
$VERSION = eval $VERSION;
my @session_data_accessors; # used in delete_session
my $now = time;
- return $c->_session(
- {
+ my $session_data = {
__created => $now,
__updated => $now,
? ( __user_agent => $c->request->user_agent||'' )
: ()
),
- }
- );
+ };
+
+ # Only save this session if data is added by the application
+ $c->_session_data_sig( Object::Signature::signature($session_data) );
+
+ return $c->_session($session_data);
}
sub generate_session_id {
(
$c->maybe::next::method(),
- $c->sessionid
+ $c->_sessionid
? ( [ "Session ID" => $c->sessionid ], [ Session => $c->session ], )
: ()
);
For example:
- __PACKAGE__->config('Plugin::Session' => { expires => 1000000000000 }); # forever
+ __PACKAGE__->config('Plugin::Session' => { expires => 10000000000 }); # "forever"
+ (NB If this number is too large, Y2K38 breakage could result.)
# later
=back
-If this is a concern in your application, a soon-to-be-developed locking
-solution is the only safe way to go. This will have a bigger overhead.
-
-For applications where any given user is only making one request at a time this
-plugin should be safe enough.
+For applications where any given user's session is only making one request
+at a time this plugin should be safe enough.
=head1 AUTHORS