[Seaside] Seaside Sessions in a Blog Server

sebastian sebastian at flowingconcept.com
Sat Oct 17 20:27:22 UTC 2009


agree, I'm using an autosave for the blog

sebastian

On 17/10/2009, at 16:27, Miguel Enrique Cobá Martinez <miguel.coba at gmail.com> wrote:

> On Sat, 17-10-2009 at 15:39 -0300, Hernán Morales Durand wrote:
>> Hi Karsten
>>
>> 2009/10/17 Karsten <karsten at heeg.de>:
>>> Hi,
>>>
>>> there's this constant example of building a blog server with whatever web
>>> framework. If you try to build a real webserver in Seaside you've got to
>>> handle sessions somewhat properly. If you view a post and have a comment
>>> input field then the session will be started when you open the post. After
>>> reading through a very lengthy post the session is probably timed out.
>>> After writing a lengthy comment it's certainly timed out. If the user
>>> submits the comment after the session is timed out, his comment is lost.
>>>
>>
>> This situation is very common in mobile environments, when the client
>> moves to places outside the network connectivity range, and then needs
>> to reconnect many times.
>>
>>> The easiest way to handle this is to set the session timeout to maybe a day
>>> or so. However, I'd rather use a short session time to not have tons of
>>> sessions in the image.
>>
>> And another good reason for keeping short session times is to prevent
>> session hijacking. The longer the session duration, the greater the
>> chance of successful sniffing.
>>
>>> What would be the right way to handle that kind of
>>> situations?
>>
>> I would do this:
>>
>> - Separate a session into two objects: one for the proper Session
>>   Duration, and another one for the Data of the session.
>> - Assign to the Session Duration object a common duration for a valid
>>   session.
>> - Assign to the Session Data object a longer duration (it could be
>>   navigational information or data in forms).
>>
>> This way, when a client session expires, the data entered would still
>> be available there. Of course you will need two identifiers and link them
>> to do a valid re-authorization.
>>
>> How difficult would it be to do that in Seaside?
>
>
> Another option would be to use something like the autosave feature of rich
> editors like TinyMCE so that at least with the comments you don't lose
> all the text. This will also keep the session open.
>
>>
>> Cheers
>>
>> Hernán
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
> -- 
> Miguel Cobá
> http://miguel.leugim.com.mx
>
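
The split proposed in the quoted message (a short-lived session, longer-lived form data, and two linked identifiers), as an added example in Python; it is not Seaside code and was not written by anyone in the thread. The class, its method names, the TTL values and the assumption that commenters authenticate are all hypothetical.

```python
import secrets
import time

SESSION_TTL = 10 * 60       # assumed value: short-lived session (seconds)
DRAFT_TTL = 24 * 60 * 60    # assumed value: longer-lived form data (seconds)


class SplitSessionStore:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}  # session id -> (user, expires_at)
        self.drafts = {}    # draft id   -> (user, text, expires_at)

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self.clock() + SESSION_TTL)
        return sid

    def user_for(self, sid):
        # Unknown and expired session ids both resolve to no user.
        user, expires_at = self.sessions.get(sid, (None, 0))
        return user if expires_at > self.clock() else None

    def save_draft(self, sid, text, draft_id=None):
        user = self.user_for(sid)
        if user is None:
            raise PermissionError("session expired")
        if self.drafts.get(draft_id, (None,))[0] != user:  # id must be ours
            draft_id = secrets.token_urlsafe(32)
        self.drafts[draft_id] = (user, text, self.clock() + DRAFT_TTL)
        return draft_id

    def recover_draft(self, sid, draft_id):
        # The draft id alone is not a credential: a live session of the
        # same user is required, so it does not extend the hijack window.
        user = self.user_for(sid)
        owner, text, expires_at = self.drafts.get(draft_id, (None, None, 0))
        ok = user is not None and owner == user and expires_at > self.clock()
        return text if ok else None


def demo():
    now = [0.0]  # constructed fake clock so the timeout can be simulated
    store = SplitSessionStore(clock=lambda: now[0])
    draft = store.save_draft(store.login("alice"), "a lengthy comment")
    now[0] += SESSION_TTL + 1  # session times out while the user writes
    alice, mallory = store.login("alice"), store.login("mallory")
    return store.recover_draft(alice, draft), store.recover_draft(mallory, draft)
```

After the simulated timeout, the comment text is returned to a fresh session of the same user and withheld from a session belonging to anyone else.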

