httpSession and updateSession + deleteSessionFromLocalStorage optimization
I am wondering what is the point of _deleteSessionFromLocalStorage in logout, since
- the session is removed from local cache only on the local server, so if there is more than one server one can't rely on it,
- and the session cookie is erased, so it is not possible to retrieve the session anymore.
But it seems there are few things to optimize :
- in logout, controlExistingSession() tries twice to remove the session from local storage : once in _deleteSession (through $self->{lmConf}->{refLocalStorage}->remove), and once in _deleteSessionFromLocalStorage ;
- _deleteSessionFromLocalStorage creates its own Cache::FileCache object, whereas one already exists ($self->{lmConf}->{refLocalStorage})
Besides, each time it is called, _deleteSessionFromLocalStorage deletes only the main session, but not the http session if securedCookie == 2.
So, I think it is worth
- to replace _deleteSessionFromLocalStorage with a simple 'eval { $self->{lmConf}->{refLocalStorage}->remove($id2); };'
- not to remove session from local cache in logout (what is it for ?)
- to modify updateSession() so as to update http session, if it exists
- to warn that a session update may not be spread instantly on all LL::NG handlers, because of local cache, except if a user requests always the same server.
Alright ?