[Seaside] A session-aware kind of FileLibrary - how/where to start
Esteban Maringolo
emaringolo at gmail.com
Tue Mar 30 12:54:02 UTC 2021
On Tue, Mar 30, 2021 at 6:51 AM Sven Van Caekenberghe <sven at stfx.eu> wrote:
> I would try to look at WAFileHandler, which is responsible for serving the files.
I thought about the same approach.
1. Implement some WARestrictedFileHandler subclass of WAFileHandler,
where you configure (via a preference or plain instVar) the identifier
of the app that has the session registry (e.g. 'myApp')
2. In the handleFiltered: you get a reference to that WAApplication
and then you do something like:
handleFiltered: aRequestContext
| app key session |
app := WAAdmin defaultDispatcher handlerAt: 'myApp'.
key := app trackingStrategy keyFromContext: aRequestContext.
key isNil
ifTrue: [ "generate the 403 response" ]
ifFalse: [
session := app cache at: key ifAbsent: [ nil ].
session isNil
ifTrue: [ "generate 403" ]
ifFalse: [ ("check whether session is valid" ) ifTrue: [^super
handleFiltered: aRequestContext] ifFalse: ["403..."]
]
]
So the approach is to externally access the app session registry and
fetch the session from there.
What is not clear to me is whether you want to restrict access to
regular Seaside FileLibraries or to some other mapping to static files
in a filesystem.
Regards,
Esteban A. Maringolo
More information about the seaside
mailing list