[Seaside] New Gardner version
Benjamin Pollack
benjamin.pollack at duke.edu
Mon Aug 4 20:26:17 CEST 2003

On Monday, August 4, 2003, at 06:04 PM, Cees de Groot wrote:
> Dogfood mode: http://www.tric.nl/ is the first site I created by using
> Gardner as a whitebox framework.

Attempting to access that website in Safari fails. It constantly
toggles between http://www.tric.nl/tric/[session information] and
http://www.tric.nl/tric/tric , never loading any actual data. I took a
look with telnet to figure out what's happening:

1. First, the Apache server that is virtually hosting www.tric.nl
   issues an HTTP/302 redirect to http://www.tric.nl/tric/
2. Seaside then issues another HTTP/302 redirect to
   http://www.tric.nl/tric/[session1]
3. Seaside then issues ANOTHER HTTP/302 redirect, this time to
   http://www.tric.nl/tric/tric, the new way/[session2] , but because that
   URL lacks the proper escape characters, Safari mistakenly redirects
   back to /tric/[session3], which causes an infinite loop, spawning a
   huge number of Seaside sessions very quickly.

(This problem does not surface with Mozilla, but that is because
Mozilla is forgiving, not because Safari is implementing incorrect
behavior.)

You need to remove the spaces in that URL or properly escape them, or
else someone is going to accidentally DoS you by spawning a massive
number of Seaside sessions in a very short time trying to view your
website. Each URL request that results from a 302 redirect is
generating a new session. Over a T1, Seaside seems to be able to crank
these sessions out really fast, and it took me a moment to figure out
why Safari was appearing to reload the same page about ten times per
second before I could process what the problem was and stop it. On the
same note, though, why is Seaside creating new sessions for every
WARedirectResponse in the first place? Is that a flaw with Seaside, or
with the framework, or is there a good reason for spawning new sessions
on redirects? The session will of course time out after ten minutes,
but I don't understand why you need to generate a new session that way.
It has the potential to waste a lot of memory on a heavily used site.

--Benjamin
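
The escaping fix requested above, as an added example that is not part of the original post and is not Seaside or Gardner code: a Python sketch that percent-encodes a redirect target before it is placed in a Location header, and that finds the first hop in a redirect chain that would be sent unescaped. The function names and the session keys SESSION1 and SESSION2 are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Matches a stray '%' (not followed by two hex digits) or any character that
# RFC 3986 does not allow unescaped in a path, query or fragment.
_UNSAFE = re.compile(r"%(?![0-9A-Fa-f]{2})|[^A-Za-z0-9\-._~!$&'()*+,;=:@/?%]")


def _escape(component: str) -> str:
    """Percent-encode unsafe characters, leaving existing %XX escapes intact."""
    return _UNSAFE.sub(
        lambda m: "".join(f"%{b:02X}" for b in m.group().encode("utf-8")),
        component,
    )


def safe_location(url: str) -> str:
    """Return url in a form that is valid as a Location header value."""
    p = urlsplit(url)
    return urlunsplit(
        (p.scheme, p.netloc, _escape(p.path), _escape(p.query), _escape(p.fragment))
    )


def first_unescaped_hop(chain):
    """Index of the first redirect target that needs escaping, or None."""
    for i, location in enumerate(chain):
        if safe_location(location) != location:
            return i
    return None


# Constructed sample: the three redirect targets described in the message,
# with placeholder session keys.
CHAIN = [
    "http://www.tric.nl/tric/",
    "http://www.tric.nl/tric/SESSION1",
    "http://www.tric.nl/tric/tric, the new way/SESSION2",
]

if __name__ == "__main__":
    bad = first_unescaped_hop(CHAIN)
    print("first unescaped hop:", bad)
    print("escaped form:", safe_location(CHAIN[bad]))
```

The escaping is idempotent, so running it on a target that is already encoded does not double-encode the existing `%20` sequences.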