Re: httpGate for non-picolisp apps

2020-08-29 Thread andreas
Benefit with session-id in URL/page vs. session cookies: zero cross-site
request forgery risk.

On 29.08.20 08:53, Tomas Hlavaty wrote:
> Hi Grant,
>
> On Sat 29 Aug 2020 at 01:04, Grant Shangreaux wrote:
>>> I suspect other apps cannot handle this.
>> i thought this was probably the case. just wondered if someone out
>> there may have tried and come up with a solution already :)
> unfortunately, httpGate has a fatal flaw: when a session ends, users end
> up with a dead url.  You have to train your users to know what to do in
> such a situation.
>
> This could be fixed by adding a fallback case to httpGate.
>
> Or simply use a different server, where this is easier to do already.
> For example, see nginx config with fallback described here
> https://logand.com/blog/picolisp-behind-nginx-proxy.html
>
> Cheers
>
> Tomas
>


Re: httpGate for non-picolisp apps

2020-08-29 Thread Alexander Burger
Hi Tomas, Grant,

> unfortunately, httpGate has a fatal flaw: when a session ends, users end
> up with a dead url.  You have to train your users to know what to do in
> such a situation.

This is actually not a flaw of httpGate, but results from the fact that when a
session expires, it is gone. No way to re-activate it without a new
authentication.

In praxis, this is not a problem. A session never expires as long as the user
does not close the browser, or move to some other place without keeping at
least one tab open to the application.


> This could be fixed by adding a fallback case to httpGate.

httpGate does have such a fallback: If a file (or symbolic link) named "void"
exists, it is sent as a reply for terminated sessions. It may contain anything,
e.g. a redirect to the application's login page.

☺/ A!ex

-- 
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe


Re: httpGate for non-picolisp apps

2020-08-29 Thread Tomas Hlavaty
Hi Grant,

On Sat 29 Aug 2020 at 01:04, Grant Shangreaux wrote:
>> I suspect other apps cannot handle this.
>
> i thought this was probably the case. just wondered if someone out
> there may have tried and come up with a solution already :)

unfortunately, httpGate has a fatal flaw: when a session ends, users end
up with a dead url.  You have to train your users to know what to do in
such a situation.

This could be fixed by adding a fallback case to httpGate.

Or simply use a different server, where this is easier to do already.
For example, see nginx config with fallback described here
https://logand.com/blog/picolisp-behind-nginx-proxy.html

Cheers

Tomas
