[Seaside] sharing sessions through links..
Julian Fitzell
jfitzell at gmail.com
Mon Oct 27 15:20:59 UTC 2008
On Mon, Oct 27, 2008 at 4:06 PM, Randal L. Schwartz
<merlyn at stonehenge.com> wrote:
>>>>>> "Julian" == Julian Fitzell <julian at fitzell.ca> writes:
>
> Julian> Unless you take action to prevent it, yes. This problem isn't unique
> Julian> to Seaside, of course; any system with session keys in URLs will be
> Julian> have the same problem. You can, of course, configure the session key
> Julian> to be stored in cookies, which eliminates the problem.
>
> Of course, you trade one problem for another there. If you use session
> cookies, you won't be able to have a single browser with two separate sessions
> in two separate windows, because the cookie is browser-wide.
Of course.
> Perhaps, you could add a cookie to identify a particular browser, and then use
> Seaside sessions in the URL to identify a particular session for a particular
> browser.
Yup. That would be a good candidate for a RequestFilter (or could be
incorporated into the existing WAProtectionFilter (what
WASessionProtector has become in 2.9). Anybody want to contribute
code? :)
Julian
More information about the seaside
mailing list