|
Gushie has asked for the wisdom of the Perl Monks concerning the following question:
i am trying to setup a session tracking on my web site. I decoded to use cookies and have these attached to a session that is stored via the Apache::Session::File (for now).
a user logsin i check for a cookie, if there isnt one then i make a new session pass them there cookie with this session. ok all thats fine BUT .. how long should i leave the cookie with the user for ? and if the cookie expires i am going to be left with a session file on my server. |
Re: Cookie Seesions -again !
by stefan k (Curate) on Feb 07, 2001 at 17:58 UTC
|
Hi,
I can't answer your question directly, but I maybe I can help you with a hint.
Michael Schilli (Author of
PerlPower (Goto Perl in german) and one of our favorite Perl-authors in Germany) has
actually written such a tracking system (using cookies and outputting graphics) already.
It was described in two articles of ther (german) linux-magazin. I don't know whether you are capable
of speaking german, or whether the babelfish can help you out, or if the
sourcecode is just enough, but here are the links.
Again: it's all in german.
Regards
Stefan K
$dom = "skamphausen.de"; ## May The Open Source Be With You!
$Mail = "mail@$dom; $Url = "http://www.$dom";
| [reply]
[d/l] |
Re: Cookie Seesions -again !
by Caillte (Friar) on Feb 07, 2001 at 19:30 UTC
|
Your question is rather like asking How long is a piece of string? If you look around the net you will find lots of different sites implement this in different ways. This very shrine uses two methods... either it abandons the information when you log off or it stores a permanent cookie in your browser. Yahoo Mail (at least the UK version insists that you reenter your password again if you keep a session open for a few hours as a protection for those who wander off leaving their mail open.
Basicly, there is no fixed answer for your question.... at least, there is one but it is likely to be unique to your own site. You need to sit down and work out a few answers:
- Do you want returning visitors to connect without logging in?
- Are there security reasons that insist you auto logout after a certain length of time?
- Are you looking to track users across sessions?
- What would offer the best 'value for money' (I cant think of another way of putting this) for your visitors?
- And more, these are just off the top of my head.
$japh->{'Caillte'} = $me;
| [reply]
[d/l] |
Re: Cookie Seesions -again !
by sutch (Curate) on Feb 07, 2001 at 18:30 UTC
|
Don't set an expire time for the cookie. This will return a cookie that only persists for as long as the user's browser is open.
You may want to consider providing a method for users to logout, which would remove the cookie from the user's browser and delete the session file on the server. To handle stale session files on the server, store the date of last use in each file (alternatively name the session file with this date) and periodically have a program delete session files older than a certain, reasonable date. | [reply] |
|
