Am Sonntag 25 April 2010 06:57:49 schrieb Ralf M.: > I don't know how other people feel about cookie files > but I personally never liked them. > Ie. the session id is there to know from which user the request is > from, even if there are several users behind a NATted environment (ie. a > router). As I understand it tntnet is an app-server. Would it not be > possible to implement an alternative method for keeping session id's? > > Hi,
there is a feature for identifying a user in a http environment: cookies. If a user disables cookies, he disables the feature for handling sessions. If there is really a need for it, I can add a feature to handle it manually. But there are several problems. Tntnet do not know anything about the application and there is no chance to pull a form variable into the request. The application itself has to do it. A possible solution for handling sessions without cookies is, that the application may read the cookie value and do whatever it needs to transport the cookie to the next request. The next request may then restore the original session scope using this value. But there is a problem: When a component is called, all scoped variables are bound to the session scope in use. If you set the session id later, the scoped variables still point to the previous scope. The solution is, that then application needs to set the session id before the first component is called, which has session variables. That is not that difficult. You may use a component, which reads a query parameter, sets the session id and returns with DECLINED. You can put that comonent into the map url chain, so that tntnet calls it first and since it returns DECLINED, it continues to the next mapping. Tommi ------------------------------------------------------------------------------ _______________________________________________ Tntnet-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tntnet-general
