Seaside Sessions in a Blog Server

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Seaside Sessions in a Blog Server

Karsten Kusche
Hi,

there's this constant example of building a blog server with whatever
web framework. If you try to build a real webserver in Seaside you've
got to handle sessions somewhat properly. If you view a post and have a
comment input field then the session will be started when you open the
post. After reading through a very lengthly post the session is probably
times out. After writing a lengthly comment it's certainly timed out. If
the user submits the comment after the session is timed out, his comment
is lost.

The easiest way to handle this is to set the session timeout to maybe a
day or so. However, i'd rather use a short session time to not have tons
of sessions in the image. What would be the right way to handle that
kind of situations? I guess this could be done in initialRequest:, but
how do you figure out which callback-numbers match which input field?

Kind Regards
Karsten





--
Karsten Kusche - Dipl. Inf. - [hidden email]
Georg Heeg eK - Köthen
Handelsregister: Amtsgericht Dortmund A 12812

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

sebastianconcept@gmail.co
I use a periodic js dummy callback to prevent expiration

sebastian

On 17/10/2009, at 13:09, Karsten <[hidden email]> wrote:

> Hi,
>
> there's this constant example of building a blog server with  
> whatever web framework. If you try to build a real webserver in  
> Seaside you've got to handle sessions somewhat properly. If you view  
> a post and have a comment input field then the session will be  
> started when you open the post. After reading through a very  
> lengthly post the session is probably times out. After writing a  
> lengthly comment it's certainly timed out. If the user submits the  
> comment after the session is timed out, his comment is lost.
>
> The easiest way to handle this is to set the session timeout to  
> maybe a day or so. However, i'd rather use a short session time to  
> not have tons of sessions in the image. What would be the right way  
> to handle that kind of situations? I guess this could be done in  
> initialRequest:, but how do you figure out which callback-numbers  
> match which input field?
>
> Kind Regards
> Karsten
>
>
>
>
>
> --
> Karsten Kusche - Dipl. Inf. - [hidden email]
> Georg Heeg eK - Köthen
> Handelsregister: Amtsgericht Dortmund A 12812
>
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Julian Fitzell-2
In reply to this post by Karsten Kusche
Hmm... personally, if I was doing a blog, I wouldn't use the
RenderLoop at all (or possibly even sessions) until the user logged in
to edit the blog. I might also use it when they posted a comment, but
not sure. Much better to have it RESTful at that point, I think...

If I was going to use sessions and render loop, I'd just keep the
sessions around - it seems like a nightmare to figure out what
callbacks were supposed to be what once the session is gone. You could
add some kind of hidden field to the form so that you knew what kind
of submission it was, and then I guess you could look through the
request to find appropriate fields. Kind of tacky though...

I guess it would be nice to have a mechanism to move sessions out to
disk after a certain period; somebody could probably do that...

You can also use JavaScript to keep the session alive as long as the
user has the page open...

Julian

On Sat, Oct 17, 2009 at 9:09 AM, Karsten <[hidden email]> wrote:

> Hi,
>
> there's this constant example of building a blog server with whatever web
> framework. If you try to build a real webserver in Seaside you've got to
> handle sessions somewhat properly. If you view a post and have a comment
> input field then the session will be started when you open the post. After
> reading through a very lengthly post the session is probably times out.
> After writing a lengthly comment it's certainly timed out. If the user
> submits the comment after the session is timed out, his comment is lost.
>
> The easiest way to handle this is to set the session timeout to maybe a day
> or so. However, i'd rather use a short session time to not have tons of
> sessions in the image. What would be the right way to handle that kind of
> situations? I guess this could be done in initialRequest:, but how do you
> figure out which callback-numbers match which input field?
>
> Kind Regards
> Karsten
>
>
>
>
>
> --
> Karsten Kusche - Dipl. Inf. - [hidden email]
> Georg Heeg eK - Köthen
> Handelsregister: Amtsgericht Dortmund A 12812
>
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

hernanmd
In reply to this post by Karsten Kusche
Hi Karsten

2009/10/17 Karsten <[hidden email]>:

> Hi,
>
> there's this constant example of building a blog server with whatever web
> framework. If you try to build a real webserver in Seaside you've got to
> handle sessions somewhat properly. If you view a post and have a comment
> input field then the session will be started when you open the post. After
> reading through a very lengthly post the session is probably times out.
> After writing a lengthly comment it's certainly timed out. If the user
> submits the comment after the session is timed out, his comment is lost.
>

This situation is very common in mobile environments, when the client
moves at places outside the network connectivity range, and then need
to reconnect many times.

> The easiest way to handle this is to set the session timeout to maybe a day
> or so. However, i'd rather use a short session time to not have tons of
> sessions in the image.

And another good reason for keep short session times is to prevent
session hijacking. The longer session duration, the longer chances for
a succesful sniffing.

> What would be the right way to handle that kind of
> situations?

I would do this:

-Separate a session in two objects: One for the proper Session
Duration, and another one for the Data of the session.
-Assign to the Session Duration object a common duration for a valid session.
-Assign to the Session Data object a longer duration (it could be
navigational information or data in forms).

This way, when a client session expires, the data entered would still
there available. Of course you will need two identifiers and link them
to do a valid re-authorization.

How difficult would be to do that in Seaside?

Cheers

Hernán
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Miguel Cobá
El sáb, 17-10-2009 a las 15:39 -0300, Hernán Morales Durand escribió:

> Hi Karsten
>
> 2009/10/17 Karsten <[hidden email]>:
> > Hi,
> >
> > there's this constant example of building a blog server with whatever web
> > framework. If you try to build a real webserver in Seaside you've got to
> > handle sessions somewhat properly. If you view a post and have a comment
> > input field then the session will be started when you open the post. After
> > reading through a very lengthly post the session is probably times out.
> > After writing a lengthly comment it's certainly timed out. If the user
> > submits the comment after the session is timed out, his comment is lost.
> >
>
> This situation is very common in mobile environments, when the client
> moves at places outside the network connectivity range, and then need
> to reconnect many times.
>
> > The easiest way to handle this is to set the session timeout to maybe a day
> > or so. However, i'd rather use a short session time to not have tons of
> > sessions in the image.
>
> And another good reason for keep short session times is to prevent
> session hijacking. The longer session duration, the longer chances for
> a succesful sniffing.
>
> > What would be the right way to handle that kind of
> > situations?
>
> I would do this:
>
> -Separate a session in two objects: One for the proper Session
> Duration, and another one for the Data of the session.
> -Assign to the Session Duration object a common duration for a valid session.
> -Assign to the Session Data object a longer duration (it could be
> navigational information or data in forms).
>
> This way, when a client session expires, the data entered would still
> there available. Of course you will need two identifiers and link them
> to do a valid re-authorization.
>
> How difficult would be to do that in Seaside?


Other option will be to use something like the autosave feature of rich
editors like TinyMCE so that at least with the comments you don't lost
all the text. This also will keep the session open.

>
> Cheers
>
> Hernán
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
--
Miguel Cobá
http://miguel.leugim.com.mx

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Karsten Kusche
In reply to this post by Julian Fitzell-2
Hi Julian,

is there a demo for RESTful apps in Seaside available?

Kind Regards
Karsten

Am 17.10.09 18:31, schrieb Julian Fitzell:

> Hmm... personally, if I was doing a blog, I wouldn't use the
> RenderLoop at all (or possibly even sessions) until the user logged in
> to edit the blog. I might also use it when they posted a comment, but
> not sure. Much better to have it RESTful at that point, I think...
>
> If I was going to use sessions and render loop, I'd just keep the
> sessions around - it seems like a nightmare to figure out what
> callbacks were supposed to be what once the session is gone. You could
> add some kind of hidden field to the form so that you knew what kind
> of submission it was, and then I guess you could look through the
> request to find appropriate fields. Kind of tacky though...
>
> I guess it would be nice to have a mechanism to move sessions out to
> disk after a certain period; somebody could probably do that...
>
> You can also use JavaScript to keep the session alive as long as the
> user has the page open...
>
> Julian
>
> On Sat, Oct 17, 2009 at 9:09 AM, Karsten<[hidden email]>  wrote:
>    
>> Hi,
>>
>> there's this constant example of building a blog server with whatever web
>> framework. If you try to build a real webserver in Seaside you've got to
>> handle sessions somewhat properly. If you view a post and have a comment
>> input field then the session will be started when you open the post. After
>> reading through a very lengthly post the session is probably times out.
>> After writing a lengthly comment it's certainly timed out. If the user
>> submits the comment after the session is timed out, his comment is lost.
>>
>> The easiest way to handle this is to set the session timeout to maybe a day
>> or so. However, i'd rather use a short session time to not have tons of
>> sessions in the image. What would be the right way to handle that kind of
>> situations? I guess this could be done in initialRequest:, but how do you
>> figure out which callback-numbers match which input field?
>>
>> Kind Regards
>> Karsten
>>
>>
>>
>>
>>
>> --
>> Karsten Kusche - Dipl. Inf. - [hidden email]
>> Georg Heeg eK - Köthen
>> Handelsregister: Amtsgericht Dortmund A 12812
>>
>> _______________________________________________
>> seaside mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>
>>      
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
>
>    

--
Karsten Kusche - Dipl. Inf. - [hidden email]
Georg Heeg eK - Köthen
Handelsregister: Amtsgericht Dortmund A 12812

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

sebastianconcept@gmail.co
In reply to this post by Miguel Cobá
agree, I'm using an autosave for the blog

sebastian

On 17/10/2009, at 16:27, Miguel Enrique Cobá Martinez <[hidden email]
m> wrote:

> El sáb, 17-10-2009 a las 15:39 -0300, Hernán Morales Durand escribi
> ó:
>> Hi Karsten
>>
>> 2009/10/17 Karsten <[hidden email]>:
>>> Hi,
>>>
>>> there's this constant example of building a blog server with  
>>> whatever web
>>> framework. If you try to build a real webserver in Seaside you've  
>>> got to
>>> handle sessions somewhat properly. If you view a post and have a  
>>> comment
>>> input field then the session will be started when you open the  
>>> post. After
>>> reading through a very lengthly post the session is probably times  
>>> out.
>>> After writing a lengthly comment it's certainly timed out. If the  
>>> user
>>> submits the comment after the session is timed out, his comment is  
>>> lost.
>>>
>>
>> This situation is very common in mobile environments, when the client
>> moves at places outside the network connectivity range, and then need
>> to reconnect many times.
>>
>>> The easiest way to handle this is to set the session timeout to  
>>> maybe a day
>>> or so. However, i'd rather use a short session time to not have  
>>> tons of
>>> sessions in the image.
>>
>> And another good reason for keep short session times is to prevent
>> session hijacking. The longer session duration, the longer chances  
>> for
>> a succesful sniffing.
>>
>>> What would be the right way to handle that kind of
>>> situations?
>>
>> I would do this:
>>
>> -Separate a session in two objects: One for the proper Session
>> Duration, and another one for the Data of the session.
>> -Assign to the Session Duration object a common duration for a  
>> valid session.
>> -Assign to the Session Data object a longer duration (it could be
>> navigational information or data in forms).
>>
>> This way, when a client session expires, the data entered would still
>> there available. Of course you will need two identifiers and link  
>> them
>> to do a valid re-authorization.
>>
>> How difficult would be to do that in Seaside?
>
>
> Other option will be to use something like the autosave feature of  
> rich
> editors like TinyMCE so that at least with the comments you don't lost
> all the text. This also will keep the session open.
>
>>
>> Cheers
>>
>> Hernán
>> _______________________________________________
>> seaside mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
> --
> Miguel Cobá
> http://miguel.leugim.com.mx
>
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Julian Fitzell-2
In reply to this post by Karsten Kusche
Not really. :)

I know how it would fit in with the architecture, but not how the API
itself should look so I've never done anything with it. Philippe was
playing with a possible RESTful pattern a few months ago after some
discussion on the list: http://www.squeaksource.com/SeasideMVC.html
(looks like it would need updating to work with 3.0a5).

You could do it fairly straightforwardly by implementing your own
RequestHandler but it would be nice if there was a standard framework
that made it a bit easier than that.

Julian

On Sat, Oct 17, 2009 at 12:56 PM, Karsten <[hidden email]> wrote:

> Hi Julian,
>
> is there a demo for RESTful apps in Seaside available?
>
> Kind Regards
> Karsten
>
> Am 17.10.09 18:31, schrieb Julian Fitzell:
>>
>> Hmm... personally, if I was doing a blog, I wouldn't use the
>> RenderLoop at all (or possibly even sessions) until the user logged in
>> to edit the blog. I might also use it when they posted a comment, but
>> not sure. Much better to have it RESTful at that point, I think...
>>
>> If I was going to use sessions and render loop, I'd just keep the
>> sessions around - it seems like a nightmare to figure out what
>> callbacks were supposed to be what once the session is gone. You could
>> add some kind of hidden field to the form so that you knew what kind
>> of submission it was, and then I guess you could look through the
>> request to find appropriate fields. Kind of tacky though...
>>
>> I guess it would be nice to have a mechanism to move sessions out to
>> disk after a certain period; somebody could probably do that...
>>
>> You can also use JavaScript to keep the session alive as long as the
>> user has the page open...
>>
>> Julian
>>
>> On Sat, Oct 17, 2009 at 9:09 AM, Karsten<[hidden email]>  wrote:
>>
>>>
>>> Hi,
>>>
>>> there's this constant example of building a blog server with whatever web
>>> framework. If you try to build a real webserver in Seaside you've got to
>>> handle sessions somewhat properly. If you view a post and have a comment
>>> input field then the session will be started when you open the post.
>>> After
>>> reading through a very lengthly post the session is probably times out.
>>> After writing a lengthly comment it's certainly timed out. If the user
>>> submits the comment after the session is timed out, his comment is lost.
>>>
>>> The easiest way to handle this is to set the session timeout to maybe a
>>> day
>>> or so. However, i'd rather use a short session time to not have tons of
>>> sessions in the image. What would be the right way to handle that kind of
>>> situations? I guess this could be done in initialRequest:, but how do you
>>> figure out which callback-numbers match which input field?
>>>
>>> Kind Regards
>>> Karsten
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Karsten Kusche - Dipl. Inf. - [hidden email]
>>> Georg Heeg eK - Köthen
>>> Handelsregister: Amtsgericht Dortmund A 12812
>>>
>>> _______________________________________________
>>> seaside mailing list
>>> [hidden email]
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>
>>>
>>
>> _______________________________________________
>> seaside mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>
>>
>>
>
> --
> Karsten Kusche - Dipl. Inf. - [hidden email]
> Georg Heeg eK - Köthen
> Handelsregister: Amtsgericht Dortmund A 12812
>
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Göran Krampe
In reply to this post by Julian Fitzell-2
Julian Fitzell wrote:
> You can also use JavaScript to keep the session alive as long as the
> user has the page open...

In Gjallar we use such a "keep alive" thingy. Works fine for an
"intranet app that you only want to login to once per day"-scenario. :)

regards, Göran

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Richard Durr-2
What about Seaside-REST?

2009/10/19 Göran Krampe <[hidden email]>
Julian Fitzell wrote:
You can also use JavaScript to keep the session alive as long as the
user has the page open...

In Gjallar we use such a "keep alive" thingy. Works fine for an "intranet app that you only want to login to once per day"-scenario. :)

regards, Göran


_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside


_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Göran Krampe
Richard Durr wrote:
> What about Seaside-REST?

Mmmm, what do you mean? If we have any "REST-ful" stuff in Gjallar? Not
really, we do have a way to resolve URLs like:

    .....Gjallar/case/34

so that after getting past the login dialog you go to the page for case
number 34. This is done by implementing #initialRequest: etc.

For some other REST-ish stuff we also use HttpView2 (my older framework
which is very URL friendly).

regards, Göran

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Julian Fitzell-2
In reply to this post by Richard Durr-2
On Mon, Oct 19, 2009 at 2:55 AM, Richard Durr
<[hidden email]> wrote:
> What about Seaside-REST?

Aha! I thought Philippe had done something at ESUG but when I googled,
all I came up with was the MVC thing from earlier in the year.
Seaside-REST is really what I had in mind:

http://lists.squeakfoundation.org/pipermail/seaside-dev/2009-September/003584.html

Thanks Richard.

Julian
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside Sessions in a Blog Server

Dale
Julian,

Philippe did a CouchDB interface using REST: http://seaside.gemstone.com/ss/CouchDB.html

Dale
----- "Julian Fitzell" <[hidden email]> wrote:

| On Mon, Oct 19, 2009 at 2:55 AM, Richard Durr
| <[hidden email]> wrote:
| > What about Seaside-REST?
|
| Aha! I thought Philippe had done something at ESUG but when I
| googled,
| all I came up with was the MVC thing from earlier in the year.
| Seaside-REST is really what I had in mind:
|
| http://lists.squeakfoundation.org/pipermail/seaside-dev/2009-September/003584.html
|
| Thanks Richard.
|
| Julian
| _______________________________________________
| seaside mailing list
| [hidden email]
| http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside