Is it that much work to store continuations in a session? I think that the continuation manager will even become simpler than the current one.
-----Original Message----- From: Sylvain Wallez [mailto:[EMAIL PROTECTED] Sent: Thursday, September 02, 2004 11:50 PM To: [EMAIL PROTECTED] Subject: Re: continuations and session Leszek Gawron wrote: > Is it possible (due to security reasons) to tie every continuation to > a particular user session? This way noone could "hack" into the > application by using an url from history. I have problems with my > application because it allows to run a continuation even if user has > logged out. If continuations were bound to a particular session > destroying the session would invalidate ALL of them - which is much > better solution than invalidating each by hand in flowscript. > > I found this problem and I really have no idea how I could fix this. > Right now it looks like this: <snip what="code"/> > The problem is : I cannot wrap <map:call continuation/> with some > session validator action because I do not know if this continuation > does not belong to login procedure (this way I would block access to > entering data into login form - total security ! :)). > > I would like to keep the application logic intact so every > /baseURL/callSomeFunction.do would show a login form first and then > continue to appropriate page (if user has not been authenticated before). > > Please comment. Well, IMO the only clean way to achieve this is to have a continuations manager that automatically binds new continuations to the current session, thus making fully isolated continuation groups. I proposed this some time ago [1] for other purposes but hadn't the time up to now to actually write it. Want to write it? Sylvain [1] http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=109161174000777&w=2 -- Sylvain Wallez Anyware Technologies http://www.apache.org/~sylvain http://www.anyware-tech.com { XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }
