[Seaside] Session expiry

John Thornborrow john at pinesoft.co.uk
Wed Jan 2 09:48:08 UTC 2008


Rather than looking for non-expiring sessions, I'd recommend you look
into creating permanent entry points in your application.

Pier has this functionality, but it really isn't too difficult to make
your own implementation by using criteria in a URI and the
#initialRequest: message on your applications root object.


Amos wrote:
> Hi Seasiders,
> I'm wondering how best to handle and avoid session expiry in Seaside.
> I know I can set the time that a session lives to any number of
> seconds, but even a ridiculously high number there isn't really what I
> want. If a page is open in a dusty old tab in my browser for a year, I
> still want to get to the right page if I click on a link some day,
> rather than being redirected to the start page. ;-)
> Let's say I'm trying to create a site with a public (unrestricted)
> section and a privileged section restricted to registered users and
> admins. I want pages in the former section to *not* expire at all, and
> I want to be able to find out how much time is left in the session of
> the latter and, if it does expire, redirect to a "session has expired"
> type page. Is that possible? (I mean, hey, it's Smalltalk, so of
> course it's possible, but how do I best go about doing it?)
> I've subclassed WASession and set that to be my application's
> #sessionClass. The subclass has an instance variable 'user' and
> methods #isUserLoggedIn and #isUserNotLoggedIn etc. So far, so good. I
> can see from #isActive on WAExpiringHandler that one of the conditions
> is 'self secondsSinceLastAccess < self timeoutSeconds', which makes
> sense. However, if I have the following method on my subclass:
> secondsToSessionExpiry
> 	^self timeoutSeconds - self secondsSinceLastAccess
> it always returns timeoutSeconds, i.e. secondsSinceLastAccess always
> seems to be 0. Investigating this, I find out that the value is 'Time
> totalSeconds - self lastAccess', i.e. it depends on the instance
> variable lastAccess - which is apparently only ever (two cases) set to
> 'Time totalSeconds'...!?! Is that intentional? Should I be overriding
> this behaviour? Am I on the wrong track here?
> I'd like to end up with a "session countdown" similar to the
> "periodical" component in the scriptaculous demo, only with something
> like "this session is valid for another hh:mm" instead of the actual
> time.
> Any pointers as to what I should override (#pageExpired, #isActive,
> #lastAccess, etc.) would be greatly appreciated.
> Cheers,
> Amos
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Pinesoft Computers are registered in England, Registered number: 2914825. Registered office: 266-268 High Street, Waltham Cross, Herts, EN8 7EA

This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com

More information about the seaside mailing list