[Seaside] sharing sessions through links..

Randal L. Schwartz merlyn at stonehenge.com
Tue Oct 28 17:32:26 UTC 2008


>>>>> "Dave" == Dave Bauer <dave.bauer at gmail.com> writes:

Dave> Hi, I have been lurking for a long time, interested in seaside, but
Dave> working with other web apps right now. That said, I have experience
Dave> developing this type of system. The fact that the session identifier
Dave> is not in a cookie doesn't really matter here. You need two cookies
Dave> anyway. One for user identity and one for session identity. This way
Dave> you can timeout a session, for example and require reauthentication,
Dave> or require reauthentication for certain actions, such as amazon.com.
Dave> Of course the exact details depend on your application.

No, you don't need two cookies --- you need only one cookie, as I demonstrated
in my magazine article
(http://www.stonehenge.com/merlyn/WebTechniques/col61.html). You can't count
on a cookie going away as a means of timing out of session, since the browser
can do whatever it wants and client-side software can lie. So really, all you
need to do is distinguish this browser from all other browsers, and then use
server-side state to manage what that actually means. Fortunately, in Seaside,
we have an easy place to put server-side data, and time it out. Much easier
than when I was doing this with Perl.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
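
As an added example (not from the original post or the linked article): one opaque cookie only identifies the browser, while login state, idle timeout and re-authentication are decided from server-side state. The class name, the two timeout values and the id rotation on login are assumptions of this example.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60      # assumed: seconds of inactivity before the login lapses
REAUTH_WINDOW = 5 * 60      # assumed: how fresh a login must be for sensitive actions


class BrowserSessions:
    """Server-side state keyed by one opaque browser-identifying cookie."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._state = {}    # cookie value -> {"user", "last_seen", "last_auth"}

    def issue_cookie(self):
        # The cookie carries no meaning, only an unguessable browser id.
        browser_id = secrets.token_urlsafe(32)
        self._state[browser_id] = {"user": None, "last_seen": self._clock(), "last_auth": 0.0}
        return browser_id

    def login(self, browser_id, user):
        # Assumed hardening: rotate the id on login so a pre-login value is dead.
        self._state.pop(browser_id, None)
        new_id = self.issue_cookie()
        self._state[new_id].update(user=user, last_auth=self._clock())
        return new_id

    def current_user(self, browser_id):
        # Timeout is decided here; whether the browser kept the cookie is irrelevant.
        entry = self._state.get(browser_id)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > IDLE_TIMEOUT:
            entry["user"] = None          # browser still recognised, login lapsed
        entry["last_seen"] = now
        return entry["user"]

    def may_do_sensitive(self, browser_id):
        # Re-authentication requirement, again from server-side state only.
        if self.current_user(browser_id) is None:
            return False
        return self._clock() - self._state[browser_id]["last_auth"] <= REAUTH_WINDOW
```
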

