How can I call some custom action, when a session of a user expires. Can this be done with mojolicious? Can it be done with other web frameworks?
What is the term I am looking for, I don't know what to google, except "session destructor" or "session destroy".
Specifically I want to notify an external API, deleting the session there.
Since you're not getting any answers on your question, I decided do some digging.
I found Plack::Session::Cleanup (which can be used by Plack::Middleware::Session) that seems to have what you wish. Unfortunately, here's where I ran into problems, there's a MojoX::Session::Simple for Plack::Middleware::Session::Simple, but no connectors for the non-Simple modules. So, I don't know if this will help you, but you might poke around and see if it can.
I then looked at
Mojolicious::Sessions,Mojolicious::Sessions::Storable,MojoX::SessionandMojolicious::Plugin::SimpleSessionto see how they handle expiration...Looking at the code for
Mojolicious::Sessions, it seems that the sessions are only stored within the cookie and the expiration is only checked when the cookie is loaded back from the client. If you had a hook at line 24 to handle the expired session, it might get called multiple times for the same expired session (and probably not what you want) or it may never get called (if the client stops accessing the system before expiration).Mojolicious::Sessions::Storableis based onMojolicious::Sessionsand seems to have the same expiration code (with the same issues).Looking at the code for
MojoX::Session, it looks likeflushhas a provision for a callback (for both previously expired sessions at line 216 and newly expired sessions at lines 227, 233, 262 and 268 [unfortunately there's no way to distinguish between the two]). Unfortunately, this functionality is not documented and so it might go away at any time plus I'm not sure when/how it can be used (again because it isn't documented).Mojolicious::Plugin::SimpleSessionhas a single method (_too_old) that could be overridden.I also looked at
WWW::Session::Storage::Filewhich is often used withWWW::Sessionwhich can be used viaMojolicious::Plugin::WWWSessionand you could put a hook in the code around line 112, but again nothing is built-in.So, in summary, the undocumented callback in
MojoX::Session'sflushmethod comes closest, but all of these solutions have one fatal flaw: they only get called when a transaction happens and this means that you'll miss some expirations (unless you have another mechanism to handle those). Because of this, I think it is best that you have the other API manage its session cleanup based on a longer timeout then your application's session or create your own timeout/cleanup mechanism for the other API's session stored in your application.