Hey Grant, 2009/4/20 Grant Gray <[email protected]>: > 1. Session management - what is the suggested method for session validation > on each page request, and redirecting to a login page where the session has > expired (ie. front-director behavior)?
Session validation happens automatically by Wt on every page request -- a request is only legal if it has the correct "secret wtd". If security is very important to you, you should deploy using SSL (https). Note that on Linux, the wtd will be generated using a non-deterministic random device. Sessions will not expire in Wt -- there are keep-alive messages that keep the session alive as long as the user has the application open. In case a user returns to an expired session, the application will be restarted -- so your login page should be the page you show when the application is started. > 2. Direct HTTP download - my web application needs to make some dynamically > generated files available via HTTP download. These files are stored in the > local filesystem. Access to these downloads needs to be authenticated (using > the session management above). Is there a witty-centric method for such > downloads, or should I delegate this task to the web server? Use a WResource. They are also automatically validated that they belong to the correct session. You can use a WFileResource to stream a file from the file system, or implement a WResource to dynamically generate the file on the fly without ever storing it on the file system. Regards, koen ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p _______________________________________________ witty-interest mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/witty-interest
