[Seaside] Sessions disappearing?

Tim Rowledge tim@sumeru.stanford.edu
Fri, 24 May 2002 10:11:20 -0700

In message <Pine.LNX.4.30.0205232125020.24760-100000@cable.beta4.com>
          Avi Bryant <avi@beta4.com> wrote:

> Sessions are by default stored in an LRUCache.  This is configurable using the
> standard config page (another useful option is the SegmentCache, which
> writes infrequently used sessions out to an ImageSegment).  If you want a
> different policy, just write a new subclass of IACache.
OK, that's a good approach to have available. One thing  haven't been
able to work out yet is the usage by applications of sesions; it seems
so far like each application gets a new session of its preferred class
when 'opened' - is this correct? So I could have a completely open home
page with my college specific pages protected by an authenticating
session? Oh, and has anybody fleshed out the authentication stuff? In my
current copy of seaside it's a very trivial check for user = seaside
etc; hardly high security!

> That they end up as nil instead of just disappearing from the dictionary
> is I guess a peculiarity of WeakAssociations... I'll have to look at that.
> Yes, it is supposed to start a new session when that happens.
The normal pattern for weak dictionaries etc is that the entry in the
weak dictionary gets niled (using nil as an unpermitted guard value) and
finalisation is supposed to compare this with some other source to see
if objects need to be finalised. Or something like that - it's years
since we invented it at PPS and I've never needed to use it since then!

I think your code simply needs to check for a nil and treat it as an
ifAbsent situation. Though you might want to do things a little
differently if time-out sessions are supposed to be usable, since we
clearly don't want to simply start a new one in that case, it sort of
occludes the entire purpose.


Tim Rowledge, tim@sumeru.stanford.edu, http://sumeru.stanford.edu/tim
Useful random insult:- Living proof that nature does not abhor a vacuum.