cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Gallardo" <agalla...@agsoftware.dnsalias.com>
Subject Re: [flow] session creation
Date Tue, 15 Jul 2003 19:25:07 GMT
Vadim Gritsenko dijo:
> Christopher Oliver wrote:
>
>>>> -1 to having "request" or "context" scope.
>>>
> ...
>
>> Sorry, what I meant was that for the case you mention you don't need
>> the context. So for now I can't think of a reason why you need request
>>  or context "scope".
>
>
> Actually, I've got an idea: session is not required too! :)
> Will this work?
>
> cocoon.context.myCtxAttr = "application-wide data";
> cocoon.session.myAttribute = "per user data like login ID";
> cocoon.request.myAttribute = "per request data";
>
> var myVar = "currently -- same as session attribute";
> function flow() {
>     var myVar ="same as per request data";
> }
>

Yep. I think this is viable. At the end it is a kind of session. Of course
the session stuf done by the developer.

My point of view is that in order to take advantage of continuation and
control the flow, we always need some mechanism to get a "flag" back from
the user that allow us identify the user.

Another mechanism can be "store" the IP address to restrict the use of
more than once session per machine. I dont know, maybe someone can take
advantage of this getting the client IP and store it as the identity of
the user. This can work in an intranet environment, since in internet many
people connect from the same gateway computer. User computers are behind a
firewall (sometimes) and the gateway computer or a web (cache, proxy)
computer.
>
> If it works.... The only thing which *needs* to be changed is this
> automatic session creation. Should be a way to disable it.

I saw a simple example without session. When a user ask for some public
avaliable data stored in a database. If someone is using flow, then it can
first retrieve the data, verify some info on retrieved data (or make some
operations on data and at the end use a simple sendpage(). In that case we
does not need any session.

I also see the flow and continuation as a feature that can us go away from
actions.

Best Regards,

Antonio Gallardo.


>
> Vadim




Mime
View raw message