Each browser opens up a new session, that's no actual problem.
Sessions are pretty thread safe (correct me if I'm wrong) when they're
accessed from request threads (normal Wicket application flow).
If Browser #1 changes something to user data or some other db data, and
Browser #2 fires a new request, the data is instantly reloaded for that
Browser #2.
Though a problem would be if both instances submit the same type of data,
the last request performed is the one that's stored.
Although there are techniques to overcome this problem as well. Something
like:
http://docs.jboss.org/hibernate/core/3.5/reference/en/html/transactions.html#transactions-optimistic-manual
Some sample code (don't mind the fake names and I simplified the code to
just show the necessary):
public class CustomSession<T extends ModelObject> extends WebSession {
private GenericDetachableModel<T> credentialLDM; // T as the user can be
of 2 object types in our situation
public static CustomSession get() {
return (CustomSession) Session.get();
}
public void setUser(GenericDetachableModel<T> credentialLDM) {
this.credentialLDM = credentialLDM;
}
public synchronized GenericDetachableModel<T> getUser() {
return credentialLDM;
}
}
And in the code where I need the user object I just make a call to:
"CustomSession.get().getUser().getObject()";
This will always retrieve the latest user instance in the database and is
valid during a complete Request.
And just as Martin said, put a memcache in between and the database
requests are minimized, if not already loaded from the Hibernate cache.
The LDM would be like:
public class GenericDetachableModel<T extends ModelObject> extends
LoadableDetachableModel<T> {
@SpringBean(name = "service")
private Service service;
public GenericDetachableModel(T entity) {
this.entityId = entity.getId();
if (entity instanceof HibernateProxy) {
this.entityClass =
(Class) ((HibernateProxy)
entity).getHibernateLazyInitializer().getImplementation().getClass();
} else {
this.entityClass = (Class) entity.getClass();
}
InjectorHolder.getInjector().inject(this);
}
@Override
protected T load() {
return service.getObject(entityClass, entityId);
}
}
I do have some more session functionality to mingle with the user object,
but they are not important in this matter.
On Mon, 03 Oct 2011 10:41:15 +0200, Zeldor <[email protected]> wrote:
Marco:
And it works without problems? There is no issue with user trying to log
from 2 browser on same time, trying to cheat the system? I am just
wondering
if there is any risk of that.
How does your code look then in session and how do you fetch your data?
Martin:
I was trying to save on costs, where on AppEngine you are billed for
every
DB query, while memcache is pretty much free. Is it really hard to keep
session data in sync? Only that user can modify his data.
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Authentication-and-sessions-the-right-way-tp3866840p3866906.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
Using Opera's revolutionary email client: http://www.opera.com/mail/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
