[Seaside] How to work with sessions

Avi Bryant avi@beta4.com
Sun, 31 Mar 2002 13:12:13 -0800 (PST)

On Sun, 31 Mar 2002, Alain Fischer wrote:

> Hi Avi,
> I wanted to add session management to my application to be able to
> login logout have a session timeout after some defined time of
> unactivity. I wanted a user to logout form his session and to start a
> new session with higer privilege for example.

My experience with HTTP authentication is that once you try to get fancy
it's easier to use your own authentication method instead.  What I might
do in your case is use the #aboutToViewPage: method on Session to make
sure you're logged in before showing any pages.  Something like

MySession>>aboutToViewPage: aPage
  (user isNil or: [self isTimedOut]) ifTrue:
    [aPage isAuthenticationPage ifFalse:
	[user := aPage callPage: (MyAuthPage new)]]
  self updateTimeOut.
  super aboutToViewPage: aPage.

Does this make sense?  I should probably just include such a session,
since I imagine it's generally useful.

> I have seen the IATransaction, perhaps this could be used instead of
> session.

IATransaction isn't an alternative, it is used as part of session - for a
little more about transactions, see the end of tutorial 2.  Basically,
they group page views together that can expire en-masse.