How do you get CGI::Session to expire after a certain interval?

Question

It seems like CGI::Session expire() function only expires after a user is idle for a specified interval. I'm assuming by idle they mean a user hasnt refreshed the page or accessed any others.

While I see that you can force the session to expire by using delete(), what I dont see is a way to automatically force the session to expire whether the use has been idle or not.

Maybe this is not a desired user experience, but for sake of understanding is there a way to do this without having to track the time interval or using any additional libraries?

Also what is the point of CGI::Session::is_expired if session returns a new one when it expires anyway? At least it seems I can't get to an expired state with my script

  sub build_sss{
    my($this) = shift;

    $cgi = $this->cgi_obj();

    my $sid = $this->sid();
    my $sss = CGI::Session->load(undef, $cgi, {Directory=>'tmp'}) or die CGI::Session->errstr();

   #check expired session
    if ( $sss->is_expired() ) {
      my $expired_url = $ENV{'SCRIPT_URI'}.'?expired='.$sid;
      $this->session_status("SESSION_EXPIRED");
      print $cgi->redirect($expired_url); #when expired param is set shows a msg    
    }


    #check if empty create new
    if ( $sss->is_empty() ) {     
      $sss = $sss->new() or $sss->errstr;
      $this->session_status("SESSION_NEW");
      $sss->expire('30s');
      $sss->expire(_TEST_SUB_SESSION => '15s');
    }

    return $sss;
  }

Answer 1

update: so yeah, if you want a session to expire based on creation time, you have to subclass CGI::Session

1) make sure you have latest version of CGI::Session 2) read CGI::Session::Tutorial 3) write programs that prove your claims, like this CGI::Session expire demo

#!/usr/bin/perl --

use strict;
use warnings;

use CGI();
use CGI::Session();

my ($oneid);
{
  my $one = CGI::Session->new or die CGI::Session->errstr;
  $one->expire('3s');
  $one->param(qw' var value ');
  $oneid = $one->id;

  print "set exire to 3 seconds\n";
}

for my $loop ( 1 .. 4 ) {
  sleep 1;
  my $bob = CGI::Session->load($oneid) or die CGI::Session->errstr;
  print "one second later $bob / $oneid load\n";
}

for my $loop ( 1 .. 4 ) {
  sleep 2;
  my $bob = CGI::Session->load($oneid) or die CGI::Session->errstr;
  print "two seconds later ";
  if ( $bob->is_expired ) {
    print "$bob / $oneid is_expired\n";
  } else {
    print "var=", $bob->param('var'), "\n";
  }
} ## end for my $loop ( 1 .. 4 )

{
  sleep 3;
  my $bob = CGI::Session->load($oneid) or die CGI::Session->errstr;
  print "three seconds later  ";
  if ( $bob->is_expired ) {
    print "$bob / $oneid is_expired\n";
  } else {
    print "var=", $bob->param('var'), "\n";
  }
}

__END__



set exire to 3 seconds
one second later CGI::Session=HASH(0xa965fc) / cf27e3ec9ff5a06a5bef4491e830c8b6 load
one second later CGI::Session=HASH(0x97a164) / cf27e3ec9ff5a06a5bef4491e830c8b6 load
one second later CGI::Session=HASH(0xbef68c) / cf27e3ec9ff5a06a5bef4491e830c8b6 load
one second later CGI::Session=HASH(0xbef56c) / cf27e3ec9ff5a06a5bef4491e830c8b6 load
two seconds later var=value
two seconds later var=value
two seconds later var=value
two seconds later var=value
three seconds later  CGI::Session=HASH(0xa965ec) / cf27e3ec9ff5a06a5bef4491e830c8b6 is_expired

Answer 2

From the documentation:

"is_empty() - Returns true for sessions that are empty. It's preferred way of testing whether requested session was loaded successfully or not"

I don't understand how you are trying to expire a session on the condition that it is empty?

#check if empty create new
if ( $sss->is_empty() ) {     
  $sss = $sss->new() or $sss->errstr;
  $this->session_status("SESSION_NEW");
  $sss->expire('30s');
  $sss->expire(_TEST_SUB_SESSION => '15s');
}

Did you perhaps mean:

if ( !$sss->is_empty() ) { #...Not empty?