Closed funkatron closed 9 years ago
Agreed. This would be nice. I think this is a good candidate for the forthcoming session middleware layer since Slim core will no longer touch anything related to sessions. This is related to https://github.com/slimphp/Slim/issues/1049
Looping @silentworks in on this.
I added code to show how we hacked around it. It's pretty… hacky.
Interesting @funkatron. That brings me to another place: I like how conduit does this. You can attach a middleware to a route. I hope Slim can also do the same?
@harikt Slim has had route middleware since 2.0.
Nice :)
@funkatron Isn't this already solved with 3.x since we are no longer saving session data into cookies?
We ran into this scenario on our last major Slim 2 project:
The site used authentication for user accounts and such, but much of the content was viewable whether or not you were logged in. Authenticated requests obviously required a session cookie, but we wanted to cache non-authenticated requests with Varnish, and sending a constantly changing session cookie would constantly break the cache.
We had to hack around this to set a flag that said "undo sending a cookie!" when we determined that the user was not logged in (some pages allowed both authenticated and non-authenticated access, so you couldn't just do it on a per-route basis). The flag would then modify the Cookie header (which had already been set, because we had sessions enabled) in the final response stages.
(I don't yet have access to the code, but I'm asking my previous employer to check out that bit, so I could share. It's super duper hacky.)
tl;dr: It would be really handy to, one way or another, say "oh, I don't want a session cookie sent -- kill it!" at some arbitrary point in route handler processing.
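
The late "drop the session cookie if the user turned out not to be logged in" step described in this issue, as an added example that is not the code from the thread or from Slim. It uses only native PHP header and session functions; `strip_session_cookie` and `finalize_session_cookie` are hypothetical names, and it assumes native PHP sessions where an anonymous session holds nothing that must survive the request.

```php
<?php
// Added example, plain PHP: no Slim API is assumed.

// Return the header lines to keep, dropping only the Set-Cookie
// line(s) that carry the named session cookie.
function strip_session_cookie(array $headerLines, string $sessionName): array
{
    // Header name is case-insensitive; the cookie name is matched exactly.
    $pattern = '/^(?i:Set-Cookie):\s*' . preg_quote($sessionName, '/') . '=/';
    $kept = [];
    foreach ($headerLines as $line) {
        if (preg_match($pattern, $line) !== 1) {
            $kept[] = $line;
        }
    }
    return $kept;
}

// Call once, after the route handler has run and before any output.
// $authenticated is whatever the application's own login check decided.
function finalize_session_cookie(bool $authenticated): void
{
    if ($authenticated || headers_sent()) {
        return; // keep the cookie, or too late to change headers
    }
    $kept = strip_session_cookie(headers_list(), session_name());
    header_remove('Set-Cookie'); // removes every Set-Cookie line
    foreach ($kept as $line) {
        if (stripos($line, 'Set-Cookie:') === 0) {
            header($line, false); // re-add the unrelated cookies
        }
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy(); // assumption: anonymous session data is disposable
    }
}

// Constructed sample input, showing the filter on its own:
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: PHPSESSID=constructed-sample-id; path=/; HttpOnly',
    'Set-Cookie: lang=en; path=/',
];
print_r(strip_session_cookie($sample, 'PHPSESSID'));
```

Only the session cookie is removed; any other `Set-Cookie` line still reaches the client, so whether the response is cacheable still depends on the cache's own rules for responses that set cookies.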