tcl-websh-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dav...@dedasys.com (David N. Welton)
Subject Re: session timeouts
Date Tue, 26 Mar 2002 20:45:11 GMT
Ronnie Brunner <ronnie@netcetera.ch> writes:

[ Sorry for the late reply... I am feeling a bit ill and I fell asleep
this afternoon. ]

> Unfortunately I'm not up-to-date on that discussion, but my
> understanding is, that there are different approaches to handle
> timeouts (with some ad- and disadvantages):

The discussion I'm referring to was a quick back-and-forth between
Andrej and Simon when we were discussing the code.  I wanted to check
my understanding against what was discussed, to be sure of what I'm
doing.

> URL timestamp
> + independent of any sessions context (files or other states)
> + could enforce click tracks (only timestamps newer that the last
>   request are allowed: needs serverside state info) 
> - timestamp can be turned off (so it wouldn't work), but this is under
>   the control of the developer -> not a big issue 
> - doesn't properly handle back button issues (use an old link from the
>   browser history but be in a very "current" session)

> Absolute TTL of a session
> + independent of URL
> - usually not very usefull
> - needs a session start reference (i.e. cookie or server side context)

> Timeout on server session
> + keeps track of last access (request) and timeouts after some time of
>   inactivity
> + independent of URL timestamp -> no problems with back button
> - needs a last access reference (i.e. cookie or server side context)

> So my question is: which approach do you try to model with your
> "flow chart" code sample? Which case is the one that is most
> needed/helpful?

I'll be honest: I don't have the experience you guys do with sessions.
You are the developers who have actually used this code and therefore
are the ones who best know what would be helpful.  Simon?

> > session::load

> > if [ we are ageing sessions ] {
> >    if [ timestamp in the url ] {
> >        if [ it's too old ] {
> >            new session 
> >        } else {
> >            update timestamp
> >        }
> >    } else {
> >        new session
> >    }
> > } 

-- 
David N. Welton
   Consulting: http://www.dedasys.com/
     Personal: http://www.dedasys.com/davidw/
Free Software: http://www.dedasys.com/freesoftware/
   Apache Tcl: http://tcl.apache.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: websh-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: websh-dev-help@tcl.apache.org


Mime
View raw message