Hi Herbert,
Herbert König pravi:
> I just had a bugging experience with a pier based website:
>
> I was away for about an hour and clicking on a link got me an error
> because the session had expired.
>
> I can't reproduce in my own apps. (I can't accept this, because my
> pages are applications to the end user and session expiry would mean
> data loss)
>
> So the question is:
> How is session expiry controlled in AIDA?
> I know I could circumvent this by placing a periodic updater of e.g.
> 10 minutes on every view, but I'd like to know anyway.
In Aida a session never expires. What we do usually during the night is
an application state cleanup, which could in certain circumstances cause
the same effect as session expiry on Seaside. But even that can be
avoided with careful App design if needed. I never needed yet, so no
problem.
Another thing are guest/anonymous sessions. On a site like
http://www.squeak.org we cleanup every hour those inactive more than an
hour, mostly to handle Denial of service attacks well. But this never
produces the same effect as on Pier, because we always use REST-full
urls. Guest sessions are also always in "read-only" mode while for
editing you need to be logged in. And as I said, those sessions never
expire.
Best regards
Janko
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida
Locked
