cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Quinn <>
Subject Re: cooperative session handling (was: Dynamic XML generation)
Date Thu, 20 Jul 2000 14:57:24 GMT
At 15:52 +0200 20/07/00, Ulrich Mayring wrote:
>> yea, let XSP make the session for you.
>> why bother invalidating the session?
>How does XSP know when I need a session and when not?

Users of your taglib would do this

<xsp:page create-session="true">
	<your stuff/>

I'm guessing ....

Your TagLib would look to see it it's own things were set up in the session
or not, the existence or not of the session is not the key, obviously if
there is no session at all you can do something about it, but you cannot
assume there will not already be one, maybe created by another
TagLib/Servlet whatever with it's stuff in it.

so your taglib could do something like this:

	if there a session?
		if it contains my auth.stuff?
			go for it
		make one -- this would save users remembering to do create-session="true"

When you want to log a user out, you remove your auth:stuff from the
Session, and only invalidate the session if it contains nothing else. In
fact due to the multithreaded nature of the Beast, it would probably be
safer never to invalidate a session, in case something else was about to
use it.

> I don't want sessions to hang around forever, this is overhead and a security
> issue.

Reading the Servlet Spec ....
Sessions should be automatically invalidated by the server or Servlet
engine, there should be a setting for "session persistence" in your engine.
Servers can offload active sessions to file if memory gets constrained.

hope this helps

regards Jeremy

   Jeremy Quinn                                           Karma Divers
                                                       webSpace Design
                                            HyperMedia Research Centre

   <>     		 <>
    <phone:+44.[0].20.7737.6831>        <>

View raw message