[Seaside] Programmatically replacing a session with a new session

Nevin Pratt nevin at bountifulbaby.com
Wed Apr 22 00:55:54 UTC 2009

If a Seaside site detects a possibly hijacked session, it would be nice 
to programmatically replace their session with a new session, and 
otherwise continue.  I realize that enough information would have to 
exist in the URL so that a new session could be built pointing to the 
right point in the website, but that's not the problem for me.

I'm not sure how to programmatically, and transparently, replace a 
session with a new session, so that the user doesn't otherwise even know 
that it happened.  Right now I immediately expire the session, and so 
they get the usual "session has expired" message, with the web app (by 
itself) then goes to the app entry point with a new session.

How do I make this process more transparent, so that the user isn't even 
aware that the session has been switched out from under them?


More information about the seaside mailing list