[Catalyst] Browser window/tab independent sessions
Octavian Rasnita
orasnita at gmail.com
Mon Jan 8 15:01:43 GMT 2007
Hi,
Maybe I didn't understand well the question, but if the user wants to create
a session that works only in a certain window, but doesn't work in the other
windows, a simple cookie can be used if its expiry date is set to 0.
This way the cookie won't be saved, but it will be memorised by the current
window of the browser, and if the browser window is closed, the session ID
is lost, and the user must log in again for creating another session.
Same thing if he wants to use another window.
Isn't this what is needed?
Octavian
----- Original Message -----
From: "Hermida, Leandro" <Leandro.Hermida at fmi.ch>
To: "The elegant MVC web framework" <catalyst at lists.rawmode.org>
Sent: Monday, January 08, 2007 3:48 PM
Subject: RE: [Catalyst] Browser window/tab independent sessions
> -----Original Message-----
> From: Perrin Harkins [mailto:perrin at elem.com]
> Sent: Friday, January 05, 2007 22:26
> To: ian at iandocherty.com; The elegant MVC web framework
> Subject: Re: [Catalyst] Browser window/tab independent sessions
>
> On Fri, 2007-01-05 at 20:44 +0000, Ian Docherty wrote:
> > Does anyone try to keep different state information in different
> > browser windows/tabs?
>
> Back in the old days, when we used to make websites with our
> stone knives and bear skins, we used to keep state
> information in hidden form fields and query strings. These
> techniques have none of the "global state" problems that cookies do.
>
> Putting things that are specific to a window/tab in a
> cookie-based session is a pet peeve of mine actually, since
> it can break things so spectacularly. If you check, you'll
> see that all of the major web sites like Yahoo and Amazon are
> careful to avoid this kind of issue (multiple tabs don't
> interfere with each other) and they generally seem to use the
> old-school techniques.
>
> > How would I create these URI's for each window. I suppose I
> would have
> > to have a 'create new window' button in the application
> that generated
> > a new window with a unique window_session?
>
> Users are not going to like that. You'll never be able to
> get something like this working without becoming totally
> dependent on JavaScript to manipulate your URLs and tell you
> when new windows are opening. At that point, the hidden form
> fields will look really easy by comparison.
>
> - Perrin
The way cookies work for holding application state has the limitation of
being for every window/tab of that browser type (someone please correct
me if I am wrong). Use Catalyst::Plugin::Session::State::URI to pass
the session IDs through the URI but please read the POD on security
issues related to this!!! I also had to write an app sometime ago where
I didn't use cookies so I just passed the session ID in form hidden
fields (for POSTs) and in the URI (for GETs). Then each browser
window/tab will have its own independent session no prob..
Leandro
_______________________________________________
List: Catalyst at lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/
More information about the Catalyst
mailing list