cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <>
Subject Counter-based continuation IDs (was Re: Load-testing flowscript webapps)
Date Wed, 04 Aug 2004 08:49:43 GMT
Reinhard Poetz wrote:

> Sylvain Wallez wrote:


>> My idea is to write a special implementation of ContinuationManager 
>> that would produce IDs based on a counter stored in a session 
>> (meaning each user has a different counter). That way, one can record 
>> a test scenario using JMeter in proxy mode, and replay it with no 
>> modifications.


> After some more thinking about this I remembered that we discussed to 
> put the continuations of a user into its session. This is also a 
> requirement to make Cocoon Flowscript apps capable of being clustered.
> <hint>Wouldn't this be nice feature</hint> :-)

As Gianugo says, there's a long way to go before being clusterizable 
(could be easier with javaflow than with JS flow though). But we can 
start the journey ;-)

Also, along with the simple request recording it allows, I see another 
advantage in this simpler continuation numbering scheme: better 
readability of produced pages. This will avoid these long hexadecimal 
strings that look ugly in the address bar, and allow better 
understanding of what's going on when developing applications (also 
useful when training people).

One could think of security problems such as continuation hijacking 
because of the predictability of continuation IDs (as opposed to the 
SecureRandom used today), but there's actually no problem since each 
session has its own continuation counter. An attacker would first have 
to hijack the session before accessing its continuations. And if the 
session is hijacked, were already doomed anyway.

So I will implement this new scheme and see how's life with simpler URLs ;-)


Sylvain Wallez                                  Anyware Technologies 
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }

View raw message