[Seaside] Session expiry
Amos
aaamos at gmail.com
Wed Jan 2 09:31:02 UTC 2008
Hi Seasiders,
I'm wondering how best to handle and avoid session expiry in Seaside.
I know I can set the time that a session lives to any number of
seconds, but even a ridiculously high number there isn't really what I
want. If a page is open in a dusty old tab in my browser for a year, I
still want to get to the right page if I click on a link some day,
rather than being redirected to the start page. ;-)
Let's say I'm trying to create a site with a public (unrestricted)
section and a privileged section restricted to registered users and
admins. I want pages in the former section to *not* expire at all, and
I want to be able to find out how much time is left in the session of
the latter and, if it does expire, redirect to a "session has expired"
type page. Is that possible? (I mean, hey, it's Smalltalk, so of
course it's possible, but how do I best go about doing it?)
I've subclassed WASession and set that to be my application's
#sessionClass. The subclass has an instance variable 'user' and
methods #isUserLoggedIn and #isUserNotLoggedIn etc. So far, so good. I
can see from #isActive on WAExpiringHandler that one of the conditions
is 'self secondsSinceLastAccess < self timeoutSeconds', which makes
sense. However, if I have the following method on my subclass:
secondsToSessionExpiry
^self timeoutSeconds - self secondsSinceLastAccess
it always returns timeoutSeconds, i.e. secondsSinceLastAccess always
seems to be 0. Investigating this, I find out that the value is 'Time
totalSeconds - self lastAccess', i.e. it depends on the instance
variable lastAccess - which is apparently only ever (two cases) set to
'Time totalSeconds'...!?! Is that intentional? Should I be overriding
this behaviour? Am I on the wrong track here?
I'd like to end up with a "session countdown" similar to the
"periodical" component in the scriptaculous demo, only with something
like "this session is valid for another hh:mm" instead of the actual
time.
Any pointers as to what I should override (#pageExpired, #isActive,
#lastAccess, etc.) would be greatly appreciated.
Cheers,
Amos
More information about the seaside
mailing list