ObjectWeb Consortium
Search ObjectWeb Mail Archive: 

Advanced Search - Powered by Google


Mail Archive Home | enhydra List | Febuary 1999 Index

<--  Date Index  --> <--  Thread Index  -->

Re: Enhydra: Cookie-less session management


I think that providing both an application modification
solution and a no modification solution is necessary.

1. The application modification solution using the
utility method for adding the request argument to the
URL provides the fine grained control for an applicaiton
developer who must work in a no cookie environment.
This also is a simple solution that is easy to implement in
the framework.

2. The no modification solution needs to be implemented
to cover the case where the applicaiton developer does
not have any control or prior knowledge of the user
community.  In this case, you want to be able to have
the ability to determine if cookies are being used by the
client and then make an application decision to either
say "Sotty, this app requires cookies" or make a best
effort using a url rewriting parser in the framework.
This would be with the knowledge that this will degrade
performance somewhat and may not work in all cases
but will at least allow users who are unable to use
cookies to still use the application.

I would suggest implementing 1. first as it is simpler
and provides an alternative for those requiring it.
Then implement 2, perhaps being able to borrow
code from somewhere else like Apache (dpending
on licensing issues of course).

Shawn

joel wrote:

> Ed Boring wrote:
>
> > I for one have been tasked to not require cookies...except
> > in very special cases.  I'd be interested the general level
> > of interest in this also.  I do intend to look at a complete
> > solution.  Hopefully it won't be too much work.
>
> Hi folks--
> I have been following the no-cookies thread on the list. I too would
> like the option of saving state through url-rewritting.
>
> I have already talked with Andy John a little about this, and my
> impression is that it seems like the simplest approach would be to do it
> like the servlet API does. We could simply have a special
> string(EnhydraSessionId) that binds to the session value. Then when the
> developer wanted to use url-rewriting for session management, you would
> just run your url's through a method (just like HttpResponse.encodeUrl()
> ) before you display them. This method would append the key/value pair
> to the url. It seems like it could be implemented without needing to
> change much of the existing Enhydra API.
>
> Anyhow, that's my $0.02
>
> cheers,
> Joel
> -----------------------------------------------------------------------------
> To unsubscribe from this mailing list, send email to majordomo@xxxxxxxxxxx
> with the text "unsubscribe enhydra" in the body of the email.
> If you have other questions regarding this mailing list, send email to
> the list admin at owner-enhydra@xxxxxxxxxxxx

--
Shawn McMurdo
Lutris Technologies, Inc.
mailto:shawn@xxxxxxxxxx
http://www.lutris.com


-----------------------------------------------------------------------------
To unsubscribe from this mailing list, send email to majordomo@xxxxxxxxxxx
with the text "unsubscribe enhydra" in the body of the email.
If you have other questions regarding this mailing list, send email to
the list admin at owner-enhydra@xxxxxxxxxxxx




<--  Date Index  --> <--  Thread Index  -->

Reply via email to:

Powered by MHonArc.

Copyright © 1999-2005, ObjectWeb Consortium | contact | webmaster.