Given that the cookie is the product of md5-hexing the raw composite cookie data (in encode-session-string), there's no way to get the initial click (creation) time of the session (which is needed in order to ascertain whether the session has expired (session-too-old-p)).
So presumably, like the session-ID, we'll need to carry the session start time externally (outside the md5-hexed part of the cookie).
Are we thinking along the same rg?
I'm puzzled that session persistence isn't a common requirement of Hunchentoot.
-peter
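
The layout proposed in the message above, as an added example that is not part of the original post and not Hunchentoot's code: the session ID and start time travel in the clear beside a keyed digest that covers them, so a server holding only the secret can re-verify the cookie and test expiry. The `id:start:digest` layout, all names, the secret and the lifetime are assumptions, and HMAC-SHA256 is swapped in for the md5-hex construction.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: server-side secret, constructed for this example
MAX_AGE = 1800                       # assumption: session lifetime in seconds


def _digest(sid_text, start_text, user_agent):
    # Keyed one-way digest over the composite data. Nothing can be read back
    # out of it, which is why id and start must also be sent in the clear.
    msg = f"{sid_text}|{start_text}|{user_agent}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def encode_cookie(session_id, start, user_agent):
    # Hypothetical cookie layout: "<id>:<start>:<digest>".
    sid_text, start_text = str(session_id), str(start)
    return f"{sid_text}:{start_text}:{_digest(sid_text, start_text, user_agent)}"


def verify_cookie(cookie, user_agent, now):
    """Return (session_id, start) for a valid, unexpired cookie, else None."""
    parts = cookie.split(":")
    if len(parts) != 3:
        return None
    sid_text, start_text, digest = parts
    for field in (sid_text, start_text):
        if not (field.isascii() and field.isdigit()):
            return None
    # Recompute over the exact text received, so a re-encoded number
    # (for example a leading zero) does not verify.
    expected = _digest(sid_text, start_text, user_agent)
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return None  # id, start time or user agent was altered
    start = int(start_text)
    if now - start > MAX_AGE:
        return None  # expired: the decision that needs the start time
    return int(sid_text), start
```

Because the start time is covered by the digest, a client that rewrites it to extend the session fails verification instead of resetting the clock.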