[Seaside] how to make bookmarkable urls?
avi.bryant at gmail.com
Fri Nov 25 10:26:56 CET 2005
On Nov 25, 2005, at 1:05 AM, Todd Blanchard wrote:
> I'm building a seaside app that has some urls that I want to be
> bookmarkable. I have a couple questions about how to do this right.
> 1) If I give someone a url with session keys in it, and they use it
> quickly, can they steal my session?
> How might I prevent this?
You can turn on the (very recently [re-]added and untested) option to
store session keys in cookies. Or you could add some code to, say,
remember the IP a session was started from and check to make sure
it's the same IP asking for it again later.
> 2) I can generate urls that make sense to my app in a stateless way
> by doing something like:
> (html anchor url: (self session application basePath,
> myCleverPathAddition)) with: [html text: 'Bookmark me']
> but of course, clicking this will create a new session because the
> session keys are not in the url. So how do I add the session key?
So, the "normal" way to add stuff to the URL is to override
WAComponent>>updateUrl: and use the WAUrl protocol to modify the path
and parameters to reflect the current page state. The reason this
works is that (by default) there's a redirect before every request,
and so you don't have to worry about adding the permalink stuff in
when generating the link, you can wait until someone clicks it and
then stick it in before the redirect.
This has at least two problems:
- it requires that redirect, which can be kinda annoying (you can
now, in theory, distinguish between navigational and side-effecting
links in Seaside, and have it only redirect for the latter, but that
feature doesn't seem to be usable yet - given that nobody uses it).
- if a savvy web user right clicks on the link to save the URL
without actually following it, it won't be right (it'll probably have
the permalink info from the page they're viewing, not the page it
So probably what you want to do is extend WAAnchorTag to allow you to
modify the URL before it gets stuck in as the href attribute... the
API could maybe look like:
updateUrl: [:u | u addToPath: myCleverPathAddition];
callback: [self doStuff];
text: 'Bookmark me'
> 3) I'm figuring out how to set up the ui state in initialRequest:
> based on the url - so this is good. But where is the good place to
> arrange for bogus session keys to silently produce a new session
> rather than warn of an expired one?
Actually I already made that change in the latest versions, it was
annoying me too. But the answer is, in
More information about the Seaside