Expiry of AIDA sessions

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Expiry of AIDA sessions

Herbert König
Hi,

I just had a bugging experience with a pier based website:

I was away for about an hour and clicking on a link got me an error
because the session had expired.

I can't reproduce in my own apps. (I can't accept this, because my
pages are applications to the end user and session expiry would mean
data loss)

So the question is:
How is session expiry controlled in AIDA?

I know I could circumvent this by placing a periodic updater of e.g. 10
minutes on every view, but I'd like to know anyway.


Thanks,

Herbert                          mailto:[hidden email]

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida
Reply | Threaded
Open this post in threaded view
|

Re: Expiry of AIDA sessions

Janko Mivšek
Hi Herbert,

Herbert König pravi:

> I just had a bugging experience with a pier based website:
>
> I was away for about an hour and clicking on a link got me an error
> because the session had expired.
>
> I can't reproduce in my own apps. (I can't accept this, because my
> pages are applications to the end user and session expiry would mean
> data loss)
>
> So the question is:
> How is session expiry controlled in AIDA?

> I know I could circumvent this by placing a periodic updater of e.g.
> 10 minutes on every view, but I'd like to know anyway.

In Aida a session never expires. What we do usually during the night is
an application state cleanup, which could in certain circumstances cause
the same effect as session expiry on Seaside. But even that can be
avoided with careful App design if needed. I never needed yet, so no
problem.

Another thing are guest/anonymous sessions. On a site like
http://www.squeak.org we cleanup every hour those inactive more than an
hour, mostly to handle Denial of service attacks well. But this never
produces the same effect as on Pier, because we always use REST-full
urls. Guest sessions are also always in "read-only" mode while for
editing you need to be logged in. And as I said, those sessions never
expire.

Best regards
Janko

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida
Reply | Threaded
Open this post in threaded view
|

Re: Expiry of AIDA sessions

Herbert König
Hi Janko,


JM> Another thing are guest/anonymous sessions. On a site like
JM> http://www.squeak.org we cleanup every hour those inactive more than an
JM> hour, mostly to handle Denial of service attacks well. But this never
JM> produces the same effect as on Pier, because we always use REST-full
JM> urls. Guest sessions are also always in "read-only" mode while for
JM> editing you need to be logged in. And as I said, those sessions never
JM> expire.
thanks, that's good news!


Cheers,

Herbert                            mailto:[hidden email]

_______________________________________________
Aida mailing list
[hidden email]
http://lists.aidaweb.si/mailman/listinfo/aida