dagolden / Dancer-Session-Cookie

Dancer session engine based on encrypted cookies

session id changes on every request #3

Closed nicolasfranck closed 11 years ago

nicolasfranck commented 11 years ago

Hi there,

Is it normal that the session identifier changes on every request? I read in the documentation that the identifier is equal to the serialized data. Has that something to do with it? (because the order of keys in a hash is not always the same)

The reason why I need this, is because I'm trying to implement a logout request, initiated from a CAS-server:

  1. server sends user to CAS when no ticket is supplied
  2. user returns with ticket. This ticket is mapped to the session identifier
  3. when user logs out of CAS, CAS sends a logout request to all servers that depend on him. It also sends the old ticket

To be able to log this user out, I need the session identifier, but it changes the whole time..

Any idea? Is there something that does not change, so I can use it?

Thanks in advance!

dagolden commented 11 years ago

It's cryptographically secured with a nonce, so every cookie is different.

For what you're doing, you need another session engine with a stable ID.

Sorry

On Feb 23, 2013 11:39 AM, "Nicolas Franck" notifications@github.com wrote:

Hi there,

Is it normal that the session identifier changes on every request? I read in the documentation that the identifier is equal to the serialized data. Has that something to do with it? (because the order of keys in a hash is not always the same)

The reason why I need this, is because I'm trying to implement a logout request, initiated from a CAS-server:

  1. server sends user to CAS when no ticket is supplied
  2. user returns with ticket. This ticket is mapped to the session identifier
  3. when user logs out of CAS, CAS sends a logout request to all servers that depend on him. It also sends the old ticket

To be able to log this user out, I need the session identifier, but it changes the whole time..

Any idea? Is there something that does not change, so I can use it?

Thanks in advance!
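Added example, not part of the thread and not Dancer-Session-Cookie's code: a Python model of the two points above, showing that a per-cookie nonce makes identical session data produce different cookie values, and that a server-side store with a stable random ID lets a CAS logout request find and destroy the session by ticket. The keystream in `seal`/`unseal` is a stand-in assumption (not the module's cipher), and `ServerSideSessions`, its methods and the ticket string are hypothetical names.

```python
import hashlib
import hmac
import json
import secrets


def _keystream(key, nonce, length):
    # Illustration-only keystream (HMAC-SHA256 in counter mode). It has no
    # integrity tag and is NOT the cipher Dancer-Session-Cookie uses.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(data, key):
    """Encrypted-cookie stand-in: a fresh random nonce on every call."""
    nonce = secrets.token_bytes(16)
    plain = json.dumps(data, sort_keys=True).encode()
    stream = _keystream(key, nonce, len(plain))
    return nonce + bytes(p ^ s for p, s in zip(plain, stream))


def unseal(cookie, key):
    nonce, body = cookie[:16], cookie[16:]
    stream = _keystream(key, nonce, len(body))
    return json.loads(bytes(c ^ s for c, s in zip(body, stream)))


class ServerSideSessions:
    """Server-side store: the cookie carries only a stable random ID."""

    def __init__(self):
        self.sessions = {}    # session id -> session data
        self.by_ticket = {}   # CAS ticket -> session id

    def login(self, ticket, user):
        sid = secrets.token_urlsafe(32)   # stays the same for the whole session
        self.sessions[sid] = {"user": user, "ticket": ticket}
        self.by_ticket[ticket] = sid
        return sid

    def load(self, sid):
        return self.sessions.get(sid)

    def cas_logout(self, ticket):
        # Logout request from CAS: only the old ticket arrives, no browser cookie.
        sid = self.by_ticket.pop(ticket, None)
        return sid is not None and self.sessions.pop(sid, None) is not None
```

With the sealed cookie there is no value on the server that stays constant to index by ticket; with the server-side store the ticket resolves to one ID and the session can be removed without the browser taking part.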