You are viewing a plain text version of this content. The canonical link for it is here.

Posted to asp@perl.apache.org by Richard Curtis <ri...@crosswired.co.uk> on 2003/02/22 20:33:46 UTC

Question regarding $Session->Abandon

I am having some problems with $Session->Abandon().

I have the following code on a logout page :
     use Data::Dumper;
     warnd("b4",Dumper $Session);
     $Session->Abandon();
     warnd("after",Dumper $Session);
     $Response->Redirect("/login/login.asp");

Each time I print the contents of $Session, even after I have abandoned 
it, I get shown the same contents.
"warnd" is a logging function I use which just dumps to a file.

Why, even after I have abandoned a session, is there still data in the 
session object ?

Richard


---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org

Re: Question regarding $Session->Abandon

Posted by Richard Curtis <ri...@crosswired.co.uk>.

>> I am having some problems with $Session->Abandon().
>>
>> I have the following code on a logout page :
>>     use Data::Dumper;
>>     warnd("b4",Dumper $Session);
>>     $Session->Abandon();
>>     warnd("after",Dumper $Session);
>>     $Response->Redirect("/login/login.asp");
>>
>> Each time I print the contents of $Session, even after I have 
>> abandoned it, I get shown the same contents.
>> "warnd" is a logging function I use which just dumps to a file.
>>
>> Why, even after I have abandoned a session, is there still data in the 
>> session object ?
>>
> 
> $Session->Abandon makes a session timeout immediately.  However,
> the session data will exist until the session manager cleans up
> that session, and calls Session_OnEnd on it.  The effect of 
> $Session->Abandon
> timing out a session immediately is that a web browser will get a new
> session on the *next* web request.
> 
> A more accurate way to do this might be to call Session_OnEnd immediately,
> but the problem remains then what state the $Session object is in
> after $Session->Abandon.  If Session_OnEnd is called, it will be deleted.
> Perhaps one might want a new session created immediately after 
> $Session->Abandon,
> but the HTTP headers might have already been sent by this time, so the
> browser would not be aware of it, so that does not seem like a good way 
> to go.

Thanks for the answer.
I will explain a little bit more about the problem (which I have solved).

I dont think the current system needs to be improved... it had worked 
fine for me until I noticed a problem with my logout code.
I only noticed the fact that the Session->Abandon didnt clear up 
immediately when debugging another issue.

Incase any other users notice, the version of Konquerer that ships with 
Redhat 7.3 is a bit buggy.  When I logged out of my APP, I would go back 
to a login page.  I then logged in as a different user, but somehow, it 
thought I was the old user.  I couldnt understand as I knew I had 
explicity killed off the session on logout.

It seems to have been a Konquerer bug because when I upgraded (via Red 
Carpet) it all worked OK.
So it appears that Konquerer had a caching issue and was reposting the 
*old* credentials from the previous login.

Anyway, to cut a long story short, the problem is solved, and I dont 
really see any valid reason to change the implementation of 
Session->Abandon at present.

Richard


---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org

Re: Question regarding $Session->Abandon

Posted by Josh Chamas <jo...@chamas.com>.

Richard Curtis wrote:
> I am having some problems with $Session->Abandon().
> 
> I have the following code on a logout page :
>     use Data::Dumper;
>     warnd("b4",Dumper $Session);
>     $Session->Abandon();
>     warnd("after",Dumper $Session);
>     $Response->Redirect("/login/login.asp");
> 
> Each time I print the contents of $Session, even after I have abandoned 
> it, I get shown the same contents.
> "warnd" is a logging function I use which just dumps to a file.
> 
> Why, even after I have abandoned a session, is there still data in the 
> session object ?
> 

$Session->Abandon makes a session timeout immediately.  However,
the session data will exist until the session manager cleans up
that session, and calls Session_OnEnd on it.  The effect of $Session->Abandon
timing out a session immediately is that a web browser will get a new
session on the *next* web request.

A more accurate way to do this might be to call Session_OnEnd immediately,
but the problem remains then what state the $Session object is in
after $Session->Abandon.  If Session_OnEnd is called, it will be deleted.
Perhaps one might want a new session created immediately after $Session->Abandon,
but the HTTP headers might have already been sent by this time, so the
browser would not be aware of it, so that does not seem like a good way to go.

If you think the existing strategy needs improvement, please discuss
your ideas on this.

Regards,

Josh

________________________________________________________________
Josh Chamas, Founder                   phone:925-552-0128
Chamas Enterprises Inc.                http://www.chamas.com
NodeWorks Link Checking                http://www.nodeworks.com

---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org