Overview
Examples
Screenshots
Comparisons
Applications
Download
Documentation
Tutorials
Bazaar
Status & Roadmap
FAQ
Authors & License
Forums
Funding Ultimate++
Search on this site
Search in forums












SourceForge.net Logo
Home » Community » Newbie corner » sessions in Skylark
Re: sessions in Skylark [message #38445 is a reply to message #38444] Sun, 16 December 2012 17:30 Go to previous message
dolik.rce is currently offline  dolik.rce
Messages: 1792
Registered: August 2008
Location: Czech Republic
Ultimate Contributor
Peter wrote on Sun, 16 December 2012 00:32

1. Suppose I have a web portal that requires users to log in in order to gain access. Now, when a user is logged in, I would like him/her to get logged out after some fixed period of time during which he/she is inactive (doesn't toggle between pages). To be more precise, let's assume my web portal consists of 3 pages: a.html, b.html and c.html. Now, if a user is on one of those pages and refreshes it or moves to another one before 15 minutes have passed, then the current session is sustained for 15 more minutes (or another one is set - will it make any real difference?). If a user stays idle for 15 minutes or more, the current session expires and he/she gets logged out. Additionally, if the user clicks on a "log out" button, current session expires/gets cleared immediately. How can I do that in Skylark?
See attached package, it should demonstrate everything necessary. You can probably use most of the code as is, just remember to call CheckSession() in each handler, it updates the latest activity time.

Peter wrote on Sun, 16 December 2012 00:32

2. I seem to confuse session, session id and session variables.
I always thought session was just some file stored on server.
When session is created, two things happen: a session file is created on server and a cookie with some unique id session identifier (set automatically, not by me) is created on client.
Cookie needs to contain only the id while session usually contains some more information about client, such as his password etc. When session expires, session file is removed from server and corresponding cookie is removed from client. Is that how it works (more or less)? Now, using Skylark terminology:

- "session" = file stored on server
- "session id" = unique identifier corresponding to a given session, stored in cookie on client
- "session variable" - a variable defined in Skylark application, its value is stored in session file on server

Is my reasoning right?

Yes, you're mostly right. It is a bit complex since some of the terms might have multiple meanings Smile Session is one record in the file stored on the server (or one row in database, if you configure it). Session id is a unique identifier, that is stored in the cookie in users browser cookie and is used as a key to find correct session record on the server. Session variables are variables that are stored on the server and provide a way to store data across multiple requests as long as the user sends cookie with constant session id.

Peter wrote on Sun, 16 December 2012 00:32

Now let's assume I need to keep track of two things for any given user:

- is the user logged (is his/her session active)
- the user privileges (is he/she a portal admin and/or subadmin)
Tracking if the user is logged can be done as demonstrated in the attached code. User privileges are IMHO best stored in some globally accessible object that can translate some form of user id to his privileges. The user id can be set as a separate session variable on succesful log in (http.SessionSet("userid", ...) or something like that). It is easier to manage this way when the application starts to grow and you add more and more roles and privileges. There are of course other ways too, for simple web should work what you described too.

Peter wrote on Sun, 16 December 2012 00:32

Of course this information must be passed between different pages of my website. I thought I should set 3 variables with SessionSet(): .SESSION (is the current user logged in), .ADMIN (is the current user an admin), .SUBADMIN (is the current user a subadmin), but now I don't think it's right - this sets three different sessions, doesn't it? Or does it just set one session and three variables storing values associated with that session?

Each session can store many variables, it is stored as a map with variable names as keys. So what you propose is OK and should work. But as I said above, I think there are better ways, but of course it is just my opinion Wink

Peter wrote on Sun, 16 December 2012 00:32

3. Is there any way to read session id for currently logged users from within Skylark application?
Yes, as any other cookie, it can be read with the '@' prefix: http["@__skylark_session_cookie__"] in code or $@__skylark_session_cookie__ in witz (note that the cookie name can be changed in configuration). However, you should not rely on this for anything, it is just a random string. All the info you need to have available about the user should be stored in session variables.

Honza
  • Attachment: Login.zip
    (Size: 2.67KB, Downloaded 244 times)

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Previous Topic: docEdit /lineEdit to array
Next Topic: Compile for Unix on Windows?!?!?!?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun Aug 24 19:18:16 CEST 2025

Total time taken to generate the page: 0.05221 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.5.
Copyright ©2001-2013 FUDforum Bulletin Board Software