[Seaside] Sessions disappearing?
Avi Bryant
avi@beta4.com
Fri, 24 May 2002 10:48:49 -0700 (PDT)
On Fri, 24 May 2002, Tim Rowledge wrote:
> One thing haven't been
> able to work out yet is the usage by applications of sesions; it seems
> so far like each application gets a new session of its preferred class
> when 'opened' - is this correct?
Yes, that's right.
> So I could have a completely open home
> page with my college specific pages protected by an authenticating
> session? Oh, and has anybody fleshed out the authentication stuff? In my
> current copy of seaside it's a very trivial check for user = seaside
> etc; hardly high security!
Nope ;-). You should also look at the IAAuthPage/IAAuthPageSession
example, which is a little more fleshed out than the
IAAuthenticatedSession used by the config app, but still doesn't do any
useful lookup of users/passwords. IAuthPageSession also does a user
timeout seperately from the actual session timeout, which might answer
your comment below?
> Though you might want to do things a little
> differently if time-out sessions are supposed to be usable, since we
> clearly don't want to simply start a new one in that case, it sort of
> occludes the entire purpose.