Sylvain Wallez wrote:
Reinhard Poetz wrote:
Sylvain Wallez wrote:
<snip/>
My idea is to write a special implementation of ContinuationManager that would produce IDs based on a counter stored in a session (meaning each user has a different counter). That way, one can record a test scenario using JMeter in proxy mode, and replay it with no modifications.
<snip/>
After some more thinking about this I remembered that we discussed to put the continuations of a user into its session. This is also a requirement to make Cocoon Flowscript apps capable of being clustered.
<hint>Wouldn't this be nice feature</hint> :-)
As Gianugo says, there's a long way to go before being clusterizable (could be easier with javaflow than with JS flow though). But we can start the journey ;-)
What do you consider as the main blockers?
Also, along with the simple request recording it allows, I see another advantage in this simpler continuation numbering scheme: better readability of produced pages. This will avoid these long hexadecimal strings that look ugly in the address bar, and allow better understanding of what's going on when developing applications (also useful when training people).
One could think of security problems such as continuation hijacking because of the predictability of continuation IDs (as opposed to the SecureRandom used today), but there's actually no problem since each session has its own continuation counter. An attacker would first have to hijack the session before accessing its continuations. And if the session is hijacked, were already doomed anyway.
So I will implement this new scheme and see how's life with simpler URLs ;-)
No objection ;-)
-- Reinhard
