You are welcome Ezra, I'm always glad to help where I can. The one "exception" to all I said yesterday, is that PHP (if I recall correctly) does not store it's Session variables in memory - but instead writes the variables to a specially formatted text file on the Server.
It could be a long shot - but maybe you could do something with dynamically manipulating this file from Witango. I think the folder name which contains these files has the word "session" in it. Hope this helps. Cheers...... Scott Cadillac, Witango.org - http://witango.org 403-281-6090 - [EMAIL PROTECTED] -- Information for the Witango Developer Community --------------------- XML-Extranet - http://xml-extra.net 403-281-6090 - [EMAIL PROTECTED] -- Well-formed Development (for hire) --------------------- ----- Original Message ----- From: "Ezra" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 21, 2003 10:04 AM Subject: Re: Witango-Talk: Sharing vars between witango & php > Hi Scott, > > Thank you for your input, as always! :) I am studying all possible > scenarios at the moment and I am trying to avoid a session management > database but sounds like I am not left with many choices either. > However, I am going to test the possibilities of running ghost apps; > i.e. Tango app processing the main login and then calling up a php > login app via @url and go from there to session time out etc.. > > thanks, > Ezra > > > On Thursday, March 20, 2003, at 04:29 PM, Scott Cadillac wrote: > > > Hi Ezra, > > > > Inherently, Session variables are not normally available across > > Application > > environments, i.e., PHP, Witango, ColdFusion, ASP, etc.... > > > > But....It can be done, with some custom coding based on the following > > principles: > > > > ~~ Outside of the Server, nearly all modern Web-application > > environments > > employ the same Session > > Management methodology, in that they all utilize "session-cookies" to > > match > > and track individual Users to Session Variables stored on the Server. > > > > ~~ Most of these modern Web-application environments have a work-around > > solution for when "session-cookies" are disabled. For example: > > > > ................................ > > The Witango <@USERREFERENCE> value is captured either from the HTTP > > Request > > header containing a "session-cookie" value or from the alternate > > <@USERREFERENCEARGUMENT> Metatag which creates a URL Search argument > > value > > pair, which is the same value as the "session-cookie". Example: > > > > &<@USERREFERENCEARGUMENT> > > ...creates... > > &UserReference=06130935C6A382663E7A2840 > > > > ................................ > > PHP has similar functionality, where the session_id() function returns > > either the HTTP "session-cookie" value or the PHPSESSID= search > > argument > > value. > > > > ................................ > > Likewise, ASP.NET is similar, but they embed the SessionID as part of > > the > > URL for "cookieless" session management. Example: > > > > http://localhost/(lit3py55t21z5v55vlm25s55)/Application/ > > SessionState.aspx > > > > The difference here is that the <@USERREFERENCEARGUMENT> Metatag > > doesn't > > have to be added to all your <A HREF=""></A> values or FORM ACTION > > attributes. > > > > Then, simply calling SessionID returns the value regardless of how it > > is > > managed with the browser. > > > > --------------------------------- > > So, with all that said, in basic terms you need to do the following: > > > > ~ After validating a User's logon session, capture the User's Session > > ID AND > > Application type (Witango, PHP, etc..) and store in a database table, > > along > > with the current timestamp. > > ~ Update the Session record periodically (once every 5 minutes for > > example) > > with new page requests. > > > > Then, when the user hits a page that is a different type (e.g., PHP) > > from > > where they started (e.g. Witango), AND no user$user_id equivalent is > > found -- then you check the database table to see if another validated > > session is currently active (based on the recent timestamp). > > > > If another validated session is found, and has not expired yet - then > > "auto-logon" the user to the PHP page. > > > > (remember, the above is some of the basic logic required) > > > > --------------------------------- > > Some things to keep in mind, are that you examine the timing you want > > to > > employ to make your process as secure as possible, such as how often to > > update the session record verses your environment's default expiry > > timeout > > and such. > > > > Another point to note are the actual Session / User variables. The > > above > > process just "validates" the allowed user, and the actual variables > > are not > > automatically available to each environment. You'll need to implement a > > "auto-logon" function of some kind (in each environment) that assigns > > your > > required variables. Once this is done, then variables can be shared > > through > > either another database table or dynamically written text (or XML) > > files. > > > > It is alot of work, but can be done if you understand the principles of > > Session management, and are strict about what you assign to your User > > scope. > > > > Another "simpler" solution would be to just use POST or Search > > arguments - > > but this is not considered secure because "session" variables are then > > exposed to the web outside or your Server, and of course can add > > performance > > overhead. > > > > ................ > > By the way, I have successfully implemented this process myself where > > Sessions are being automatically validated between Witango and ASP.NET > > pages. > > > > Hope this helps. Cheers............ > > > > Scott Cadillac, > > Witango.org - http://witango.org > > 403-281-6090 - [EMAIL PROTECTED] > > -- > > Information for the Witango Developer Community > > --------------------- > > > > XML-Extranet - http://xml-extra.net > > 403-281-6090 - [EMAIL PROTECTED] > > -- > > Well-formed Development (for hire) > > --------------------- > > > > > > ----- Original Message ----- > > From: "Ezra" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, March 20, 2003 11:52 AM > > Subject: Witango-Talk: Sharing vars between witango & php > > > > > >> > >> What is the best way to share variables between a php app and a > >> witango > >> app? I need to share a few vars (userid/pass/status/sessionID, etc..) > >> between two apps so there is no need for users to login again when > >> calling apps of different types. I think setting up cookies and have > >> both wi and php apps look for it might be one but not good if cookies > >> are turned off. Any ideas? > >> > >> > >> Don't tell me to convert those php apps to witango! :) > >> > >> > >> thanks, > >> Ezra > >> > >> > >> On Tuesday, March 18, 2003, at 01:58 PM, Troy Sosamon wrote: > >> > >>> > >>> > >>> How about this clock - ha ha. > >>> > >>> http://www.yugop.com/ver3/stuff/03/fla.html > >>> > >>> Troy Sosamon > >>> > >>> -----Original Message----- > >>> From: Aseem Mal [mailto:[EMAIL PROTECTED] > >>> Sent: Friday, March 14, 2003 1:45 PM > >>> To: [EMAIL PROTECTED] > >>> Subject: Witango-Talk: RE: Client-Side Clock > >>> > >>> > >>> > >>> Hi, > >>> I need to use the client-side system-time to build my taf. Is there a > >>> Tango function I can use, or do I have to resort to good old > >>> JavaScript? > >>> > >>> > >>> Aseem Mal > >>> Web Applications Engineer > >>> Execpro Information Services Inc., > >>> 1250, 4th Street > >>> Santa Monica, CA 90401 > >>> E-mail: [EMAIL PROTECTED] > >>> > >>> > >>> -----Original Message----- > >>> From: Chris Millet [mailto:[EMAIL PROTECTED] > >>> Sent: Friday, March 14, 2003 11:34 AM > >>> To: [EMAIL PROTECTED] > >>> Subject: Witango-Talk: Sending email with authentication > >>> > >>> Does anyone know how to have Witango send an email using an SMTP > >>> server > >>> that > >>> requires authentication? > >>> > >>> Chris > >>> > >>> > >>> _____________________________________________________________________ > >>> __ > >>> _ > >>> TO UNSUBSCRIBE: send a plain text/US ASCII email to > >>> [EMAIL PROTECTED] > >>> with unsubscribe witango-talk in the message body > >>> > >>> _____________________________________________________________________ > >>> __ > >>> _ > >>> TO UNSUBSCRIBE: send a plain text/US ASCII email to > >>> [EMAIL PROTECTED] > >>> with unsubscribe witango-talk in the message body > >>> _____________________________________________________________________ > >>> __ > >>> _ > >>> TO UNSUBSCRIBE: send a plain text/US ASCII email to > >>> [EMAIL PROTECTED] > >>> with unsubscribe witango-talk in the message body > >>> > >> > >> ______________________________________________________________________ > >> __ > >> TO UNSUBSCRIBE: send a plain text/US ASCII email to > >> [EMAIL PROTECTED] > >> with unsubscribe witango-talk in the message body > >> > > > > _______________________________________________________________________ > > _ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to > > [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
