2ants has asked for the wisdom of the Perl Monks concerning the following question:


I've looked at the documentation, and this and other perly sites and I cannot find the answer I seek.

I am using CGI::Session successfully - except that I think sessions may be expiring when they should not.

However, I can find no definition of what constitutes "activity", and therefore whether I am experiencing expiration due to inactivity or not.

e.g. with an expiry time of 5 minutes, my sessions seem to be expiring as soon as the 5 minutes has elapsed, even though pages are being visited - and pages are generated by perl which do a CGI::Session->load at the start. Would a CGI::Session->load call be sufficient to count as "activity"? Or is there something else that needs to be explicitly set/called?


Replies are listed 'Best First'.
Re: CGI::Session - expiry
by Anonymous Monk on Mar 12, 2010 at 11:34 UTC
    Note: all the expiration times are relative to session's last access time, not to its creation time.
      Thanks - but can a call of CGI::Session->load be considered as a session's last access? If not, what can?
        be considered as a session's last access? If not, what can?

        I would say for the whole session yes, but not for individual values. I would also test to check.

        As you can see, loading is considered access (no big surprise there).
Re: CGI::Session - expiry
by zwon (Abbot) on Mar 12, 2010 at 20:05 UTC

    Have you set expriration time for the cookie? It will be easier to help you if you show us related code.

      Thanks, but I think you have missed the point of the question. I did state that the expiry time was set at 5 mins. What I need to know is, how does CGI::Session decide whether a user has been active or inactive. Application code is not an issue as such.
Re: CGI::Session - expiry
by Herkum (Parson) on Mar 14, 2010 at 16:22 UTC

    The easy way to test is to examine you stored session. Create your new session, check the expiry time in you database/file. Access your web page again and see if your expiry time has changed.

    Now that you know HOW to check when you session is expired, you next need to look and see how you want your session to expire. If you are looking to check Idle time, well you need to reset the expiry value for the session EVERY time the user accesses the session

    my $session = CGI::Session->load(); if ($session->is_expired) { # Do something like refresh the page } else { $session->expiry("+5m"); # Wait another 5 minutes }

    There is nothing magical about how CGI::Session handles expiration. You set an initial expiration and that is it. By default, it will not reset the expiration value for you. There is no hidden value that deals with idle time.

      Thanks a lot, that's the statement I was looking for.

      I didn't have a problem knowing my session was expiring, but I could not find a statement anywhere saying how activity was recognised.

      I suppose I was half-expecting load() to re-set the expiry time itself, but I guess this way you have more flexibility around it.

        What are you two talking about? If you load the session before it expires, the timer does gets re-set, like I already showed.
        set exire to 3 seconds one second later CGI::Session=HASH(0xa965fc) / cf27e3ec9ff5a06a5bef449 +1e830c8b6 load one second later CGI::Session=HASH(0x97a164) / cf27e3ec9ff5a06a5bef449 +1e830c8b6 load one second later CGI::Session=HASH(0xbef68c) / cf27e3ec9ff5a06a5bef449 +1e830c8b6 load one second later CGI::Session=HASH(0xbef56c) / cf27e3ec9ff5a06a5bef449 +1e830c8b6 load two seconds later var=value two seconds later var=value two seconds later var=value two seconds later var=value three seconds later CGI::Session=HASH(0xa965ec) / cf27e3ec9ff5a06a5be +f4491e830c8b6 is_expired