Falling Back to URI-based Sessions in Catalyst
Friday, January 13, 2006 at 3:19PM

A requirement for our 'future' platform was to play nicely with users who, for whatever reason, don't allow cookies. The idea we settled on was to attempt to set a cookie, but use a session id in the URI if they had no cookie. This means that the first time a user visits us, their links will all contain a session id. If they allow cookies, subsequent requests will be free of the session id.
I initially started playing with this using the Session::Flex plugin for Catalyst. I quickly found some problems and contacted the maintainer, who notified me that I should be using the new Catalyst::Plugin::Session and its friend Catalyst::Plugin::State::Cookie. After switching to these, I quickly ran into more issues. I tried using both State::Cookie and State::URI together, but this always seemed to result in an undefined sessionid.
With the help of some people from #catalyst, I handed in a couple patches to allow these two plugins to play together. I'm not sure when a new release will happen, but here's how it works.
In your app's core .pm file, install the plugins in the order you want them to work. If you want to prefer a cookie, put it first:

    use Catalyst qw/... Session Session::Store::FastMmap Session::State::Cookie
                    Session::State::URI/;

You'll also need to config(), but you should already know that. On to the magic. In your main .pm's auto method, add something like this:
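
    # Rewrite links to carry the session id only when the request
    # arrived without the session cookie.
    if ($c->req()->cookie('your-cookie-name-here')) {
        $c->config()->{'session'}->{'rewrite'} = 0;
    } else {
        $c->config()->{'session'}->{'rewrite'} = 1;
    }
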
With that bit of magic, your Catalyst app should happily use cookies to store sessions or fall back to the URI. Remember to watch how you handle sessions because URI ones are a bit scary when you take hijacking into consideration. Strap it up first. :)
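
The hijacking concern above can be watched for in the access log: a URI session id that arrives from more than one client has probably been shared or leaked. This is an added example, not code from the original post or from Catalyst; the `/-/<id>` link layout, the 32 to 64 hex character id format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the id is a trailing "/-/<hex id>" path segment; adjust SID_RE
# to match how your application embeds it in links.
SID_RE = re.compile(r"/-/([0-9a-f]{32,64})(?:\?|$)")

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def clients_per_session(lines):
    """Map each URI session id to the set of (ip, user agent) pairs that sent it."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        parts = m.group("request").split()
        if len(parts) < 2:
            continue  # malformed request line
        sid = SID_RE.search(parts[1])
        if sid:
            seen[sid.group(1)].add((m.group("ip"), m.group("agent")))
    return seen

def shared_sessions(lines):
    """Return the session ids presented by more than one distinct client."""
    return {sid: sorted(clients)
            for sid, clients in clients_per_session(lines).items()
            if len(clients) > 1}

# Constructed sample data: documentation address ranges, made-up session ids.
SID_A, SID_B = "3f9c" * 10, "b71e" * 10
FIREFOX = "Mozilla/5.0 (X11; Linux i686) Firefox/1.5"
MSIE = "Mozilla/4.0 (compatible; MSIE 6.0)"
STAMP = "[13/Jan/2006:15:19:02 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {STAMP} "GET /cart/-/{SID_A} HTTP/1.1" 200 5120 "-" "{FIREFOX}"',
    f'192.0.2.10 - - {STAMP} "GET /checkout/-/{SID_A} HTTP/1.1" 200 811 "-" "{FIREFOX}"',
    f'203.0.113.77 - - {STAMP} "GET /account/-/{SID_A}?tab=orders HTTP/1.1" 200 950 "-" "{MSIE}"',
    f'198.51.100.5 - - {STAMP} "GET /cart/-/{SID_B} HTTP/1.1" 200 5120 "-" "{MSIE}"',
    f'198.51.100.9 - - {STAMP} "GET /cart HTTP/1.1" 200 5120 "-" "{FIREFOX}"',
]

if __name__ == "__main__":
    for sid, clients in shared_sessions(SAMPLE_LOG).items():
        print(sid, clients)
```

Clients behind proxies or on mobile networks can change address mid-session, so a hit is a lead to investigate rather than proof of hijacking.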
