[Seaside] Session tracking without URL field yet supporting "multi
session"
Mariano Martinez Peck
marianopeck at gmail.com
Thu Oct 1 13:20:50 UTC 2015
Hi guys,
I am evaluating some improvements for an app, and I would like these 2
features:
1) Do not expose _s in URL
2) I want to be able to open multiple different seaside sessions from
different tabs of the browser.
I was checking the WACookieSessionTrackingStrategy subclasses but of course
that is not gonna work because if I have multiple sessions opened in the
browser, at #cookieFromContext:ifAbsent: there is no way I can guess which
is the real session I must answer for that request.
I am not against using cookies, but I cannot see how that could work.
Anyone has a workaround?
As a second thought, I saw WASslSessionTrackingStrategy (my site does run
with HTTPS over nginx) which looked interesting. Has someone used this
before? I have read a couple of problems with it:
*" An interval that is too short can cause a premature termination of a
session.*
*Also, some Web browsers might have their own timers that affect the
lifetime of the SSL session ID. These Web browsers may not leave the SSL
session ID active long enough to serve as a useful mechanism for session
tracking.*
*"*
I seems the timeout can be easily set in nginx. But I am wondering about
what it says about browsers killing inactive SSL sessions IDs. Have anyone
experienced this?
Thanks in advance,
--
Mariano
http://marianopeck.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/seaside/attachments/20151001/8453f4eb/attachment.htm
More information about the seaside
mailing list