[Seaside] Fallback to support cookie-less browsers

Boris Popov boris at deepcovelabs.com
Thu Dec 21 23:40:44 UTC 2006 

Hmm, lemme look at it carefully again (attached trace.log)

Request 1
5. GET /online (no cookies sent)

Response
16. Location: http://localhost:7777/online?_k=tWrqhMOR
18. Set-Cookie: online=YifYoJwmZkCIMlFu

Request 2
56. GET /online?_k=tWrqhMOR

Response
67. Location:
http://localhost:7777/online?_s=sWgSeVNVeWbixaqs&_k=JsJkMDGz&3

Request 3
106. GET /online?_s=sWgSeVNVeWbixaqs&_k=JsJkMDGz&3

Response
117. http://localhost:7777/online?_s=sWgSeVNVeWbixaqs&_k=Krsohlyu

Request 4
156. GET /online?_s=sWgSeVNVeWbixaqs&_k=Krsohlyu

Response
184. Recv data, 4085 bytes

The way it works, is whenever you walk into a session with a "_k" param
and you supplied no cookies, assume the browser does not support them
and switch that session into a cookie-less mode and start including "_s"
in the URL.

Feels a bit odd, doesn't it?

-Boris

-- 
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5

boris at deepcovelabs.com

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message
header. Unless otherwise indicated, it contains information that is
private and confidential. If you have received it in error, please
notify the sender and delete the entire message including any
attachments.

Thank you.

-----Original Message-----
From: seaside-bounces at lists.squeakfoundation.org
[mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of Avi
Bryant
Sent: Thursday, December 21, 2006 3:27 PM
To: The Squeak Enterprise Aubergines Server - general discussion.
Subject: Re: [Seaside] Fallback to support cookie-less browsers

Interesting... doesn't that rely on the first request to the session
having some cookies, though (that aren't being set by Seaside)?
Admittedly there always does seem to be cookie cruft being passed back
and forth but I'm not sure it's the best idea to rely on that.  Or am
I missing something?

Avi

On 12/21/06, Boris Popov <boris at deepcovelabs.com> wrote:
> You know that problem that you can't enable cookies without risking
> throwing your clients (and server) into an endless loop of redirects
> when said clients have their cookies disabled/disallowed? Here's a
first
> stab at addressing the issue, details logs below. It's a VisualWorks
> fileout, but it's a really tiny set of 3 changes, so I was hoping for
a
> peer review of some sorts to see if that even makes sense ;)
>
> Cheers!
>
> ----- Cookies Disabled Without Fixes -----
>
> curl -L http://localhost:7777/online
> curl: (47) Maximum (50) redirects followed
>
>
> ----- Cookies Disabled With Fixes -----
>
> curl -Li http://localhost:7777/online
>
> HTTP/1.1 302 Found
> Location: http://localhost:7777/online?_k=BPlZDLES
> Set-Cookie: online=SHdxyvpHgSYIuAAN
>
> HTTP/1.1 302 Found
> Location:
http://localhost:7777/online?_s=ISLgZslhOnSNpxzr&_k=OqbbsbFi&3
>
> HTTP/1.1 302 Found
> Location: http://localhost:7777/online?_s=ISLgZslhOnSNpxzr&_k=xXlOiQYU
>
> HTTP/1.1 200 OK
> Content-Length: 4582
>
>
> ----- Cookies Enabled With Fixes -----
> C:\>curl -c cookie.jar -Li http://localhost:7777/online
> HTTP/1.1 302 Found
> Location: http://localhost:7777/online?_k=zhwNopRt
> Set-Cookie: online=NotjJZEehYAPhKxY
>
> HTTP/1.1 302 Found
> Location: http://localhost:7777/online?_k=CgSFaeCy&3
>
> HTTP/1.1 302 Found
> Location: http://localhost:7777/online?_k=WHYjcAeu
> Set-Cookie: online=NotjJZEehYAPhKxY
>
> HTTP/1.1 200 OK
> Set-Cookie: online=NotjJZEehYAPhKxY
> Content-Length: 4279
>
> -Boris
>
> --
> +1.604.689.0322
> DeepCove Labs Ltd.
> 4th floor 595 Howe Street
> Vancouver, Canada V6C 2T5
>
> boris at deepcovelabs.com
>
> CONFIDENTIALITY NOTICE
>
> This email is intended only for the persons named in the message
> header. Unless otherwise indicated, it contains information that is
> private and confidential. If you have received it in error, please
> notify the sender and delete the entire message including any
> attachments.
>
> Thank you.
>
>
>
> _______________________________________________
> Seaside mailing list
> Seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
>
>
>
_______________________________________________
Seaside mailing list
Seaside at lists.squeakfoundation.org
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trace.log
Type: application/octet-stream
Size: 12562 bytes
Desc: trace.log
Url : http://lists.squeakfoundation.org/pipermail/seaside/attachments/20061221/cddad5a5/trace-0001.obj

More information about the Seaside mailing list