Hi,
I think exporting remove-session is a good idea - currently there isn't a reliable way to invalidate a current session, except for setting each session variable to nil (through session-value - or am I missing something obvious?). And setting *session* to nil doesn't seem to do this.
Regards, Vamsee.
On Sat, 28 Apr 2007 03:29:56 +0530, Vamsee Kanakala vamlists@gmail.com wrote:
I think exporting remove-session is a good idea - currently there isn't a reliable way to invalidate a current session, except for setting each session variable to nil (through session-value - or am I missing something obvious?).
You're not missing anything, but usually (at least that's the way I'm using it) you have /one/ specific value in the session which controls its validity, i.e. you'd only have to delete this one value. (Note that deleting it is slightly different from setting it to NIL.)
But I can export REMOVE-SESSION if people think that'd be useful.
And setting *session* to nil doesn't seem to do this.
Of course not. This variable is only bound to the session object while the handler is active.
On 4/28/07, Edi Weitz edi@agharta.de wrote:
But I can export REMOVE-SESSION if people think that'd be useful.
I'm not sure about others, but I think it would be helpful when multiple session variables are being set in different parts of the web app, when you could invalidate the entire session when a user logs out, instead of deleting each session variable - it's possible that the developer forgot to delete this particular session var in the logout method (this just happened to me :D).
And setting *session* to nil doesn't seem to do this.
Of course not. This variable is only bound to the session object while the handler is active.
Oops, I realized that a bit late :)
Thanks, Vamsee.
On Sun, 29 Apr 2007 11:19:57 +0530, "Vamsee Kanakala" vamlists@gmail.com wrote:
I'm not sure about others, but I think it would be helpful when multiple session variables are being set in different parts of the web app, when you could invalidate the entire session when a user logs out, instead of deleting each session variable - it's possible that the developer forgot to delete this particular session var in the logout method (this just happened to me :D).
OK, it's exported in 0.9.1.
-
Edi Weitz -
Vamsee Kanakala