OK, "TooMuchPressureExpcetion signal". I will do it. There is another open-source-task related to OSSubprocess that I must address first. Then will come to this one. Probably I can also put the code in github.
Will let you know when ready. Cheers, On Thu, Sep 22, 2016 at 2:53 PM, stepharo <steph...@free.fr> wrote: > Mariano > > > It would be cool. > > Why don't you paste it on your blog? > > I hope to get back to the seaside book one of these days and I would like > to add such tips and tricks > > > Stef > > Le 21/9/16 à 18:00, Mariano Martinez Peck a écrit : > > > > On Wed, Sep 21, 2016 at 11:50 AM, Johan Brichau <jo...@inceptive.be> > wrote: > >> >> > On 21 Sep 2016, at 12:31, Petr Fischer <petr.fisc...@me.com> wrote: >> > >> > Hello, two questions about Seaside sessions: >> > >> > 1) URL sharing between different users - what if "boss" shares URL from >> his browser and send it to another regular user - of course, easy way, >> whole URL with session (_s=xxxx) - when another/regular user opens that >> link -> whole "boss" session opens in regular user's browser, with all >> "boss" permissions, UI state etc etc - very bad, is there any solution for >> this? Rewrite every (!) URL with updateURL: is not solution :( >> >> If this is a concern, you can use a cookie for session tracking, but that >> means you cannot have multiple Seaside sessions running in the same browser >> at the same time. >> >> There are probably other ways, but I think the solution is not to rely on >> a session key for authentication. >> Here’s a strategy: >> Keep the Seaside session key in the url for session tracking but use an >> authorization cookie for authorization. Put that cookie when the user logs >> in and check its presence when requests come in for a session. >> I think that using a filter for that is a good choice. >> >> Whenever another user copy/pastes the url, he cannot ‘hijack’ the session >> because he lacks the correct authentication cookie. >> >> > That's exactly what I did in my case. And the way to implement that was > with a custom session tracker that dealt with the cookie plus a filter for > the checking and kickout. > > I can share this if someone wants it (I think I already shared it before) > > > >> > 2) What is the actual way for "session expiration/login page"? There is >> few tutorials and books on the inet - but info about session expiration is >> obsolete :( Methods from tutorials not exists in Seaside 3.2.0. >> > Some trick with WAApplication subclass is actual? >> >> I’m not sure what the question is. Do you want to redirect users to a >> page whenever the session is expired? >> >> cheers >> Johan >> > > > > -- > Mariano > http://marianopeck.wordpress.com > > > -- Mariano http://marianopeck.wordpress.com
