Sessions and Users, was: Re: [Pangloss] [RFC] OpenFrame AppKit ideas

Steve Purkis spurkis at mkdoc.com
Wed Apr 9 11:20:14 BST 2003 

On Tuesday, April 8, 2003, at 05:39  pm, Chris Croome wrote:

> Hi
>
> On Tue 08-Apr-2003 at 04:16:49PM +0100, Steve Purkis wrote:
>>
>> On Tuesday, April 8, 2003, at 10:01  am, Chris Croome wrote:
>>
>>> GET should never change state on the server side, that should be
>>
>> I'm not sure I want to worry about being REST-compliant...  At any
>> rate, it wasn't something I was factoring into the design.
>
> If it's thought of from the beginning I'm not sure it's any more
> work?

I dunno - the only thing I remember about REST is not mixing up GETs 
and POSTs :).  If its easy to do for Pangloss then I will do.  I would 
prefer to keep the underlying architecture more generic.


>>> But perhaps I'm missing something -- what is the idea behind
>>> sessions?
>>
>> The idea in general is to have somewhere to store information
>> about the current user, their request, etc. without having to
>> worry about passing a whole bunch of form parameters back and
>> forth.  How it is used is up to the application developer.
>
> Form parameters are not the only why to make these things available
> in a URI, you can use PATH_INFO, a funny example:

I could use PATH_INFO, yes.  But if I did, I would still plan on using 
sessions.


> Were you thinking of using HTTP authentication for usernames?

We have to in order to be compatible with MKDoc users.  Though that 
will only be for user names - I imagine Pangloss will have different 
user objects under the hood.


>> From Pangloss' point of view, consider the multi-faceted
>> navigation.  I was thinking of storing the user's "filters" in the
>> session -- so when you choose to filter based on a translator's
>> name, that information goes into the session.  Same goes for the
>> language, search keywords, etc.  In this fashion, you don't need
>> to have hidden form fields for each filter you've already
>> selected, which means less work from the template writer's side of
>> things, and also means the application doesn't need to repeat the
>> same work (constructing the filters) for each request.
>
> So you are suggesting the use of cookies? How would this work for ...

Not necessarily - the session id can be stored a URI, cookie, or form 
parameter.


-Steve

More information about the Pangloss mailing list