cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted" <>
Subject Re: XSP session diffs
Date Sat, 19 Feb 2000 19:34:58 GMT
Mike Engelhart wrote:
> I don't know if you've ever used sessions or not but having them created
> without the hand of the developer doesn't work if someone bookmarks your
> page in the middle of some 5 step process and comes back to your site 9 days
> later and your XSP creates a new session in the middle of the process which
> has nothing in it.  This isn't generally what you want to happen.

Thanks for the point of view, Mike. We have a slew of groupware
applications developed using sessions, and all pages are set to (true)
except for the logout page which is set to (false) then calls
inactivate(). All of these applications are accessible by HTML, WML, and
Voice, so we are very conscious of bookmarking (except for VoxML, which
has a unique set of problems). My technique is to detect the presence of
an authenticator type object in the session. When present, page is
served. When absent, you are made to authenticate or do something to
gain access to the page. We set our sessions to expire in about 10
hours, so it is unlikely that a 5-step process started 9 days ago will
still be there 9 days later.

Thanks again. This is useful perspective in how other developers are
using sessions.


Dr. Teddy Achacoso
GroupServe, Inc.

View raw message