[Seaside] How to work with sessions
Avi Bryant
avi@beta4.com
Sun, 31 Mar 2002 13:12:13 -0800 (PST)
On Sun, 31 Mar 2002, Alain Fischer wrote:
> Hi Avi,
>
> I wanted to add session management to my application to be able to
> login logout have a session timeout after some defined time of
> unactivity. I wanted a user to logout form his session and to start a
> new session with higer privilege for example.
My experience with HTTP authentication is that once you try to get fancy
it's easier to use your own authentication method instead. What I might
do in your case is use the #aboutToViewPage: method on Session to make
sure you're logged in before showing any pages. Something like
MySession>>aboutToViewPage: aPage
(user isNil or: [self isTimedOut]) ifTrue:
[aPage isAuthenticationPage ifFalse:
[user := aPage callPage: (MyAuthPage new)]]
self updateTimeOut.
super aboutToViewPage: aPage.
Does this make sense? I should probably just include such a session,
since I imagine it's generally useful.
> I have seen the IATransaction, perhaps this could be used instead of
> session.
IATransaction isn't an alternative, it is used as part of session - for a
little more about transactions, see the end of tutorial 2. Basically,
they group page views together that can expire en-masse.