because they rely on the client side to a) do what you asked it to, b) do
it correctly. Both for technical and security reasons you still have to
authenticate everything that comes back from the client each time the
client sends it. Unless it really doesn’t matter to you if they time out
and this is there for their protection.
pages back to their homepage after a set time. Which is great at the
library, it means I can walk away from a terminal and after a while it
resets itself. It’s terrible at home, where I might be looking up books
and go away for a while… when I come back I’ve lost my page.
A lightweight solution (also potentially anonymous-- you can set up
sessions with or without a login using this) would use CGI::Session and
sess[‘last_access’] = Time.now. For each successive page load if Time.now
< sess[‘last_access’] + interval, then they’re ok… so reset
sess['last_access] = Time.now and continue loading page.
If I had users in a database I would probably work this into the routine
that verifies their cookie on each page load, and just have a last_access
field in my users table. That’s a field I’d probably have anyway, since
it’s a common requirement to know how active the user base is, and this is
a key measure for that.
On Sunday 25 August 2002 01:15, Hal E. Fulton wrote:
Is there more than one way a timeout is usually
handled? I can see where it might be done in
see where it might also be done server-side, in
which case it’s possible to write a keepalive
Michael C. Libby firstname.lastname@example.org
public key: http://www.ichimunki.com/public_key.txt
web site: http://www.ichimunki.com