[Seaside] sharing sessions through links..

[Dave Bauer]

On Tue, Oct 28, 2008 at 1:32 PM, Randal L. Schwartz
<merlyn at stonehenge.com> wrote:
>>>>>> "Dave" == Dave Bauer <dave.bauer at gmail.com> writes:
>
> Dave> Hi, I have been lurking for a long time, interested in seaside, but
> Dave> working with other web apps right now. That said, I have experience
> Dave> developing this type of system. The fact that the session identifier
> Dave> is not in a cookie doesn't really matter here. You need two cookies
> Dave> anyway. One for user identity and one for session identity. This way
> Dave> you can timeout a session, for example and require reauthentication,
> Dave> or require reauthentication for certain actions, such as amazon.com.
> Dave> Of course the exact details depend on your application.
>
> No, you don't need two cookies --- you need only one cookie, as I demonstrated
> my magazine article
> (http://www.stonehenge.com/merlyn/WebTechniques/col61.html). You can't count
> on a cookie going away as a means of timing out of session, since the browser
> can do whatever it wants and client-side software can lie. So really, all you
> need to do is distinguish this browser from all other browsers, and then use
> server-side state to manage what that actually means. Fortunately, in Seaside,
> we have an easy place to put server-side data, and time it out. Much easier
> than when I was doing this with Perl.
>
Yes you are right! You only need one cookie if you put the session
identifier in the URL. Otherwise you would need two cookies. They are
similar solutions. Since Seaside has session_id in the URL you don't
use a session cookie.

Dave

> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
> See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
>



-- 
Dave Bauer
dave at solutiongrove.com
http://www.solutiongrove.com