8 Apr
2015
8 Apr
'15
8:58 p.m.
Given that the cookie is the product of md5-hexing the raw composite cookie data (in encode-session-string), there's no way to get the initial click (creation) time of the session (which is needed in order to ascertain whether the session has expired (session-too-old-p)). So presumably, like the session-ID, we'll need to carry the session start time externally (outside the md5-hexed part of the cookie). Are we thinking along the same rg? I'm puzzled that session persistence isn't a common requirement of hunchentoot. -peter