[Seaside] Programmatically replacing a session with a new session
nevin at bountifulbaby.com
Wed Apr 22 00:55:54 UTC 2009
If a Seaside site detects a possibly hijacked session, it would be nice
to programmatically replace their session with a new session, and
otherwise continue. I realize that enough information would have to
exist in the URL so that a new session could be built pointing to the
right point in the website, but that's not the problem for me.
I'm not sure how to programmatically, and transparently, replace a
session with a new session, so that the user doesn't otherwise even know
that it happened. Right now I immediately expire the session, and so
they get the usual "session has expired" message, with the web app (by
itself) then goes to the app entry point with a new session.
How do I make this process more transparent, so that the user isn't even
aware that the session has been switched out from under them?
More information about the seaside