Hi everyone, What's the status on session management? Are there any plans to support it? I'm willing to help out, as I could use this. I'm not sure whether you've already discussed the approaches. I think the following techniques are available [1] (maybe I'm missing something, please correct me):
1. Store session identifier in a cookie 2. Store session identifier in the URL (could imply security problems) 3. Store session identifier in hidden fields (but this of course only works when submitting forms) I think that 1 with a fallback on 2 is a good solution. Furthermore, there are a lot of design issues, for example: * Can a session store arbitrary values (e.g. of type a) * Is there flexibility over how and where session values are stored, like in PHP [2]? * Are sessions bound to a specific IP (solves the security problem in 2?) I think this should be implemented as a separate library, built on top of the existing libraries. I also think that snap-core and -server already provide enough functions to build this functionality. -chris [1]: http://javapapers.com/servlet/explain-the-methods-used-for-session-tracking/ [2]: http://www.php.net/manual/en/function.session-set-save-handler.php _______________________________________________ Snap mailing list [email protected] http://mailman-mail5.webfaction.com/listinfo/snap
