[albatross-users] multiple session support

Thu Jul 3 22:23:39 EST 2003

>>>>> "Sheila" == Sheila King <sheila at thinkspot.net> writes:

Sheila> Hello, I got a question today from a team member, and I think
Sheila> the answer is "yes" but I just wanted to verify that with the
Sheila> list.

Sheila> The question was:

Sheila> "Multiple sessions/browser windows open is something to keep
Sheila> in mind. Does the Albatross framework allow multiple sessions
Sheila> for 1 account / from 1 computer?"

The answer is probably "it depends".

For client side sessions all of the state is stored in hidden fields
in forms at the browser.  This means that there is no restriction over
how many windows you point at a single application.

For server side sessions Albatross uses a unique session id in a
cookie to identify the session.

If you have installed a server side session Albatross application, and
you are running mozilla, you can see the cookie by using the Cookie
Manager (on the Tools menu).  When you look at the cookie in the
browser you will notice that it has the following attributes (amongst
others); host, name, path, and information.

When the browser sends a request to a URL at a server it looks up its
cookie database for any cookies that match the same host and URL path.
All cookies that match it are sent as headers in the HTTP request to
the server.

In server side session Albatross applications you specify a
session_appid argument to the application constructor.  This value is
sent to the browser in the form of a cookie containing the session id.
For example, the popview3 application constructor looks like:

   SimpleSessionApp(base_url = 'popview.py',
                    template_path = '.',
                    start_page = 'login',
                    secret = '-=-secret-=-',
                    session_appid = 'popview3')

This causes the server to send a set-cookie request like this to the
browser something like this:

   Set-Cookie: popview3=1234567812345678

The browser then stores the cookie value in the cookie database so
that the next time you send a request to the same URL path on the same
server it can send back the cookie.

Sheila> At this point, I'm wondering exactly what he means by this?

What he probably means is that by using cookie you restrict each
browser to a single session for each Albatross application at each web
server.

Sheila> I can't find anything about multiple sessions in the albatross
Sheila> documentation and the closest I found in the mailing list
Sheila> archives is this:
Sheila> <http://object-craft.com.au/pipermail/albatross-users/2003-April/000340.html>

Andrew is talking about something else.  He is pointing out another
problem with server side sessions; when the user goes back in their
page history at the browser and submits a form.  The problem here is
that old pages in the browser history probably contain content
dependent on state that no longer exists at the server.  If the user
submits a form from an old page then you are probably going to have
some sort of application failure.

There are some way to partially reduce the exposure to this problem.
Andrew mentioned one scheme in the above message.

Sheila> Does anyone have an idea what the purpose or desireability of
Sheila> multiple sessions for one account from one computer would be?

I have on occasion thought that it might be nice to support multiple
sessions to the same application in Albatross.  It would make for a
very complex application though.  You might find it easier to solve
the problem with multiple applications.

Sheila> And would it be possible to implement in Albatross?

Yes it would be possible to implement something in Albatross.  It
would require the development of some extra Albatross mixins though.

Sheila> (The guy who asked is mostly a PHP and Perl programmer, so I'm
Sheila> not sure if that has anything to do with where he's coming
Sheila> from or not?)

Couldn't say.

- Dave

-- 
http://www.object-craft.com.au