Teapot session

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Teapot session

horrido
Does Teapot's (ZnRequest's?) session ever expire? What is the expiry period?

I can't find where it's specified or configured.
Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

Stephane Ducasse-3
Teapot is a layer on zinc so you may check the Zinc chapters (I do not
know if this is there).


On Mon, Jun 19, 2017 at 1:42 AM, horrido <[hidden email]> wrote:

> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry period?
>
> I can't find where it's specified or configured.
>
>
>
>
> --
> View this message in context: http://forum.world.st/Teapot-session-tp4951845.html
> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>

Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

Sven Van Caekenberghe-2
If you are talking about ZnServerSessions, the ones returned from ZnRequest>>#session, then the answer is that they are eligible for expiration and cleanup after 1 hour (see ZnServerSession>>#isValid). Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the expiration time is a fixed constant.

> On 19 Jun 2017, at 08:08, Stephane Ducasse <[hidden email]> wrote:
>
> Teapot is a layer on zinc so you may check the Zinc chapters (I do not
> know if this is there).
>
>
> On Mon, Jun 19, 2017 at 1:42 AM, horrido <[hidden email]> wrote:
>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry period?
>>
>> I can't find where it's specified or configured.
>>
>>
>>
>>
>> --
>> View this message in context: http://forum.world.st/Teapot-session-tp4951845.html
>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>>
>


Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

horrido
I've added an attribute to the session called #user...

req session attributeAt: #user ifAbsentPut: user

This is used to determine if I'm logged in. On logout, I would like to remove this attribute, but I can't figure out how to do it. Suggestion?


Sven Van Caekenberghe-2 wrote
If you are talking about ZnServerSessions, the ones returned from ZnRequest>>#session, then the answer is that they are eligible for expiration and cleanup after 1 hour (see ZnServerSession>>#isValid). Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the expiration time is a fixed constant.

> On 19 Jun 2017, at 08:08, Stephane Ducasse <[hidden email]> wrote:
>
> Teapot is a layer on zinc so you may check the Zinc chapters (I do not
> know if this is there).
>
>
> On Mon, Jun 19, 2017 at 1:42 AM, horrido <[hidden email]> wrote:
>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry period?
>>
>> I can't find where it's specified or configured.
>>
>>
>>
>>
>> --
>> View this message in context: http://forum.world.st/Teapot-session-tp4951845.html
>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

Sven Van Caekenberghe-2

> On 19 Jun 2017, at 15:40, horrido <[hidden email]> wrote:
>
> I've added an attribute to the session called #user...
>
> req session attributeAt: #user ifAbsentPut: user
>
> This is used to *determine if I'm logged in*. On logout, I would like to
> *remove* this attribute, but I can't figure out how to do it. Suggestion?

req session removeAttribute: #user

> Sven Van Caekenberghe-2 wrote
>> If you are talking about ZnServerSessions, the ones returned from
>> ZnRequest>>#session, then the answer is that they are eligible for
>> expiration and cleanup after 1 hour (see ZnServerSession>>#isValid).
>> Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the
>> expiration time is a fixed constant.
>>
>>> On 19 Jun 2017, at 08:08, Stephane Ducasse &lt;
>
>> stepharo.self@
>
>> &gt; wrote:
>>>
>>> Teapot is a layer on zinc so you may check the Zinc chapters (I do not
>>> know if this is there).
>>>
>>>
>>> On Mon, Jun 19, 2017 at 1:42 AM, horrido &lt;
>
>> horrido.hobbies@
>
>> &gt; wrote:
>>>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry
>>>> period?
>>>>
>>>> I can't find where it's specified or configured.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://forum.world.st/Teapot-session-tp4951845.html
>>>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>>>>
>>>
>
>
>
>
>
> --
> View this message in context: http://forum.world.st/Teapot-session-tp4951845p4951905.html
> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.


Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

horrido
Interesting. Auto-complete doesn't show #removeAttribute: as an option.

Another question: After I've logged out, I can still click on Backpage in the browser to get to a page that should no longer be authorized. Is there a way to prevent this? Is there a way to invalidate the page?


Sven Van Caekenberghe-2 wrote
> On 19 Jun 2017, at 15:40, horrido <[hidden email]> wrote:
>
> I've added an attribute to the session called #user...
>
> req session attributeAt: #user ifAbsentPut: user
>
> This is used to *determine if I'm logged in*. On logout, I would like to
> *remove* this attribute, but I can't figure out how to do it. Suggestion?

req session removeAttribute: #user

> Sven Van Caekenberghe-2 wrote
>> If you are talking about ZnServerSessions, the ones returned from
>> ZnRequest>>#session, then the answer is that they are eligible for
>> expiration and cleanup after 1 hour (see ZnServerSession>>#isValid).
>> Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the
>> expiration time is a fixed constant.
>>
>>> On 19 Jun 2017, at 08:08, Stephane Ducasse <
>
>> stepharo.self@
>
>> > wrote:
>>>
>>> Teapot is a layer on zinc so you may check the Zinc chapters (I do not
>>> know if this is there).
>>>
>>>
>>> On Mon, Jun 19, 2017 at 1:42 AM, horrido <
>
>> horrido.hobbies@
>
>> > wrote:
>>>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry
>>>> period?
>>>>
>>>> I can't find where it's specified or configured.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://forum.world.st/Teapot-session-tp4951845.html
>>>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>>>>
>>>
>
>
>
>
>
> --
> View this message in context: http://forum.world.st/Teapot-session-tp4951845p4951905.html
> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

Sven Van Caekenberghe-2

> On 19 Jun 2017, at 17:11, horrido <[hidden email]> wrote:
>
> Interesting. Auto-complete doesn't show #removeAttribute: as an option.
>
> Another question: After I've logged out, I can still click on Backpage in
> the browser to get to a page that should no longer be authorized. Is there a
> way to prevent this? Is there a way to invalidate the page?

It is in general impossible to prevent the user from going backwards in its browser. Still, it should not make any difference: the session remains de-autherized, so the user can not do any further requests, all the (protected) links s/he clicks are invalid.

> Sven Van Caekenberghe-2 wrote
>>> On 19 Jun 2017, at 15:40, horrido &lt;
>
>> horrido.hobbies@
>
>> &gt; wrote:
>>>
>>> I've added an attribute to the session called #user...
>>>
>>> req session attributeAt: #user ifAbsentPut: user
>>>
>>> This is used to *determine if I'm logged in*. On logout, I would like to
>>> *remove* this attribute, but I can't figure out how to do it. Suggestion?
>>
>> req session removeAttribute: #user
>>
>>> Sven Van Caekenberghe-2 wrote
>>>> If you are talking about ZnServerSessions, the ones returned from
>>>> ZnRequest>>#session, then the answer is that they are eligible for
>>>> expiration and cleanup after 1 hour (see ZnServerSession>>#isValid).
>>>> Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the
>>>> expiration time is a fixed constant.
>>>>
>>>>> On 19 Jun 2017, at 08:08, Stephane Ducasse &lt;
>>>
>>>> stepharo.self@
>>>
>>>> &gt; wrote:
>>>>>
>>>>> Teapot is a layer on zinc so you may check the Zinc chapters (I do not
>>>>> know if this is there).
>>>>>
>>>>>
>>>>> On Mon, Jun 19, 2017 at 1:42 AM, horrido &lt;
>>>
>>>> horrido.hobbies@
>>>
>>>> &gt; wrote:
>>>>>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry
>>>>>> period?
>>>>>>
>>>>>> I can't find where it's specified or configured.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://forum.world.st/Teapot-session-tp4951845.html
>>>>>> Sent from the Pharo Smalltalk Users mailing list archive at
>>>>>> Nabble.com.
>>>>>>
>>>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://forum.world.st/Teapot-session-tp4951845p4951905.html
>>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>
>
>
>
>
> --
> View this message in context: http://forum.world.st/Teapot-session-tp4951845p4951908.html
> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>


Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

philippeback
In reply to this post by horrido
Try Ctl-q or Cmd-q after having typed a few chars. Continue until you get a match.

Works in 6.0

Phil

On Mon, Jun 19, 2017 at 5:11 PM, horrido <[hidden email]> wrote:
Interesting. Auto-complete doesn't show #removeAttribute: as an option.

Another question: After I've logged out, I can still click on Backpage in
the browser to get to a page that should no longer be authorized. Is there a
way to prevent this? Is there a way to invalidate the page?



Sven Van Caekenberghe-2 wrote
>> On 19 Jun 2017, at 15:40, horrido &lt;

> horrido.hobbies@

> &gt; wrote:
>>
>> I've added an attribute to the session called #user...
>>
>> req session attributeAt: #user ifAbsentPut: user
>>
>> This is used to *determine if I'm logged in*. On logout, I would like to
>> *remove* this attribute, but I can't figure out how to do it. Suggestion?
>
> req session removeAttribute: #user
>
>> Sven Van Caekenberghe-2 wrote
>>> If you are talking about ZnServerSessions, the ones returned from
>>> ZnRequest>>#session, then the answer is that they are eligible for
>>> expiration and cleanup after 1 hour (see ZnServerSession>>#isValid).
>>> Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the
>>> expiration time is a fixed constant.
>>>
>>>> On 19 Jun 2017, at 08:08, Stephane Ducasse &lt;
>>
>>> stepharo.self@
>>
>>> &gt; wrote:
>>>>
>>>> Teapot is a layer on zinc so you may check the Zinc chapters (I do not
>>>> know if this is there).
>>>>
>>>>
>>>> On Mon, Jun 19, 2017 at 1:42 AM, horrido &lt;
>>
>>> horrido.hobbies@
>>
>>> &gt; wrote:
>>>>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry
>>>>> period?
>>>>>
>>>>> I can't find where it's specified or configured.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://forum.world.st/Teapot-session-tp4951845.html
>>>>> Sent from the Pharo Smalltalk Users mailing list archive at
>>>>> Nabble.com.
>>>>>
>>>>
>>
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://forum.world.st/Teapot-session-tp4951845p4951905.html
>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.





--
View this message in context: http://forum.world.st/Teapot-session-tp4951845p4951908.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.



Reply | Threaded
Open this post in threaded view
|

Re: Teapot session

Alistair Grant
Hi Phil,

On Mon, Jun 19, 2017 at 09:07:23PM +0200, [hidden email] wrote:
> Try Ctl-q or Cmd-q after having typed a few chars. Continue until you get a
> match.
>
> Works in 6.0
>
> Phil

Thanks!  I wasn't aware of this gem.

Cheers,
Alistair