[Seaside] sharing sessions through links..

Julian Fitzell jfitzell at gmail.com
Mon Oct 27 15:20:59 UTC 2008

On Mon, Oct 27, 2008 at 4:06 PM, Randal L. Schwartz
<merlyn at stonehenge.com> wrote:
>>>>>> "Julian" == Julian Fitzell <julian at fitzell.ca> writes:
> Julian> Unless you take action to prevent it, yes. This problem isn't unique
> Julian> to Seaside, of course; any system with session keys in URLs will be
> Julian> have the same problem. You can, of course, configure the session key
> Julian> to be stored in cookies, which eliminates the problem.
> Of course, you trade one problem for another there. If you use session
> cookies, you won't be able to have a single browser with two separate sessions
> in two separate windows, because the cookie is browser-wide.

Of course.

> Perhaps, you could add a cookie to identify a particular browser, and then use
> Seaside sessions in the URL to identify a particular session for a particular
> browser.

Yup. That would be a good candidate for a RequestFilter (or could be
incorporated into the existing WAProtectionFilter (what
WASessionProtector has become in 2.9). Anybody want to contribute
code? :)


More information about the seaside mailing list