[Seaside] Seaside Sessions in a Blog Server
Miguel Enrique Cobá Martinez
miguel.coba at gmail.com
Sat Oct 17 19:27:51 UTC 2009
On Sat, 17-10-2009 at 15:39 -0300, Hernán Morales Durand wrote:
> Hi Karsten
> 2009/10/17 Karsten <karsten at heeg.de>:
> > Hi,
> > there's this constant example of building a blog server with whatever web
> > framework. If you try to build a real webserver in Seaside you've got to
> > handle sessions somewhat properly. If you view a post and have a comment
> > input field then the session will be started when you open the post. After
> > reading through a very lengthy post the session has probably timed out.
> > After writing a lengthy comment it's certainly timed out. If the user
> > submits the comment after the session is timed out, his comment is lost.
> This situation is very common in mobile environments, when the client
> moves to places outside the network connectivity range, and then needs
> to reconnect many times.
> > The easiest way to handle this is to set the session timeout to maybe a day
> > or so. However, I'd rather use a short session time to not have tons of
> > sessions in the image.
> And another good reason for keeping short session times is to prevent
> session hijacking. The longer the session duration, the longer the chances
> for a successful sniffing.
> > What would be the right way to handle that kind of
> > situations?
> I would do this:
> -Separate a session in two objects: One for the proper Session
> Duration, and another one for the Data of the session.
> -Assign to the Session Duration object a common duration for a valid session.
> -Assign to the Session Data object a longer duration (it could be
> navigational information or data in forms).
> This way, when a client session expires, the data entered would still
> be available there. Of course you will need two identifiers and link them
> to do a valid re-authorization.
> How difficult would it be to do that in Seaside?
Another option would be to use something like the autosave feature of rich
editors like TinyMCE so that at least with the comments you don't lose
all the text. This will also keep the session open.
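
The two-identifier split proposed in the quoted reply, sketched as an added example that is not part of the thread and is not Seaside code: a framework-neutral Python model in which a short-lived session id and a longer-lived draft id are linked through the user, and parked form data is released only after re-login as that user. The class name, method names and both TTL values are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 10 * 60        # assumed: short-lived authenticated session
DRAFT_TTL = 24 * 60 * 60     # assumed: longer-lived form data

class TwoTierStore:
    """Hypothetical store: one identifier for the session, one for its data."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}   # session id -> (user, expiry)
        self.drafts = {}     # draft id -> [owner, text, expiry]

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self.clock() + SESSION_TTL)
        return sid

    def user_for(self, sid):
        user, expiry = self.sessions.get(sid, (None, 0))
        if expiry <= self.clock():
            self.sessions.pop(sid, None)     # drop expired sessions eagerly
            return None
        return user

    def open_form(self, sid):
        """Issued while the session is alive; links the draft to its user."""
        user = self.user_for(sid)
        if user is None:
            raise PermissionError("no valid session")
        did = secrets.token_urlsafe(32)
        self.drafts[did] = [user, None, self.clock() + DRAFT_TTL]
        return did

    def submit(self, sid, did, text):
        draft = self.drafts.get(did)
        if draft is None or draft[2] <= self.clock():
            self.drafts.pop(did, None)
            return "rejected"
        user = self.user_for(sid)
        if user == draft[0]:
            del self.drafts[did]
            return "published"
        if user is not None:                 # live session of a different user
            return "rejected"
        draft[1] = text                      # session gone: park, do not publish
        return "parked"

    def claim(self, new_sid, did):
        """After re-login, release parked text only to the draft's owner."""
        draft, user = self.drafts.get(did), self.user_for(new_sid)
        if not draft or user != draft[0] or draft[2] <= self.clock():
            return None
        return self.drafts.pop(did)[1]
```

The draft id alone never publishes anything: a submit without a live session only parks the text, so a sniffed draft id is worth less than a sniffed session id, and the session TTL can stay short.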