better examples for session expiration

mojolicious · Aug 19, 2012 · b3a8efc · b3a8efc
1 parent 351e58c
commit b3a8efc
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 7 deletions.
diff --git a/lib/Mojolicious/Controller.pm b/lib/Mojolicious/Controller.pm
@@ -906,10 +906,13 @@ and stored in C<HMAC-SHA1> signed cookies. Note that cookies usually have a
   my $foo = $c->session->{foo};
   delete $c->session->{foo};
 
-  # Expire a week from now (epoch seconds from now)
+  # Expiration date in epoch seconds from now (persists between requests)
   $c->session(expiration => 604800);
 
-  # Expire a long long time ago (absolute time in epoch seconds)
+  # Expiration date as absolute epoch time (only valid for one request)
+  $c->session(expires => time + 604800);
+
+  # Delete whole session by setting an expiration date in the past
   $c->session(expires => 1);
 
 =head2 C<signed_cookie>

diff --git a/lib/Mojolicious/Guides/Growing.pod b/lib/Mojolicious/Guides/Growing.pod
@@ -355,13 +355,13 @@ secure and can be changed at any time to invalidate all existing sessions.
   $self->session(user => 'sri');
   my $user = $self->session('user');
 
-By default all sessions expire after one hour, for more control you can also
-use the C<expiration> session value.
+By default all sessions expire after one hour, for more control you can use
+the C<expiration> session value to set an expiration date in seconds from now.
 
   $self->session(expiration => 3600);
 
 And the whole session can be deleted by using the C<expires> session value to
-set an expiration date in the past.
+set an absolute expiration date in the past.
 
   $self->session(expires => 1);
 

diff --git a/lib/Mojolicious/Sessions.pm b/lib/Mojolicious/Sessions.pm
@@ -127,10 +127,13 @@ will allow sessions to persist until the browser window is closed, this can
 have security implications though. For more control you can also use the
 C<expiration> and C<expires> session values.
 
-  # Expire a week from now (epoch seconds from now)
+  # Expiration date in epoch seconds from now (persists between requests)
   $c->session(expiration => 604800);
 
-  # Expire a long long time ago (absolute time in epoch seconds)
+  # Expiration date as absolute epoch time (only valid for one request)
+  $c->session(expires => time + 604800);
+
+  # Delete whole session by setting an expiration date in the past
   $c->session(expires => 1);
 
 =head2 C<secure>