Closed chrisotherwise closed 11 years ago
Thanks for the report. I'll take a look.
David
The fix was a little more extensive, but you put me on the right track. In the end, I had to also parse for the "1 hour" format for session_expires. I also wrote some actual tests for session_expires, which hadn't existed before.
Released to CPAN as 0.19
Line 148 of Cookie.pm passes a value for $expires to an instance of Session::Storage::Secure ($STORE), thus:
But that instance expects an absolute expiry time (seconds since epoch) in that parameter whereas you are passing an expiry time in seconds.
This causes the session encryption/decryption to fail consistently every time if any expiry has been defined in Dancer's config.yml.
This can be fixed by changing line 148 to:
... in which case the (same) expiry that was used when you instantiated the $STORE will be used correctly.