gnumed-devel

Re: [Gnumed-devel] GNUmed web interface - state of affairs


From: lkcl
Subject: Re: [Gnumed-devel] GNUmed web interface - state of affairs
Date: Fri, 16 Jul 2010 03:29:56 -0700 (PDT)



Jim Busser wrote:
> 
> On 2010-07-15, at 7:47 AM, Sebastian Hilbert wrote:
> 
>> as long as
>> the user does not clear the browser's cache, the user will always be
>> connected to the exact same back-end web server process.
> 
> Will the backend need a special table in which to store these cookies?
> 
in ordinary web application frameworks, typically yes.  however with
multitaskhttpd the whole point is that the cookies are in-memory, single
process, accessible across *all* incoming requests, and so the "need" to
store the cookies in some "special table", because you have no idea which
"thread" or "process" will be dealing with a particular request, is entirely
gone.


> 
> Is the need for permanent cookies or (for example) would once-a-day
> cookies be sufficient?
> 
the lifetime of the cookie needs to be as great as the application-specific
timeout period specified for logins / idle activity.


> 
> If the backend cannot know which cookies will never again be used, because
> the user
> 
> may upgrade a browser, without bringing forward the cookies
> may use a variety of browsers, and not use them again
> may use a guest machine, and never use it again (risk)
> 
that's fine.  after an application-specific timeout, the back-end process
will die, problem solved.


> may turn off cookies and generate new ones
>       (what happens to the old browser side cookies?)
> 
> should the server be designed to refuse connections from browsers that
> will not accept cookies, and to periodically (daily) flush all cookies?
> 

 yup.

 exactly how that can be achieved is tricky.  it will almost certainly have
to be a job done by the proxy itself, perhaps by:

* setting a cookie
* responding with a "REDIRECT" with the exact same URL
* seeing if the cookie was set in the re-connect
* if not, throw up an "error page" saying "cookies must be allowed!"
* if yes, allow the request through to the proxy

if you allow non-cookie-accepting browsers through, you're in deep shit. 
each request coming through will result in yet another permanent back-end
process being created, and the server will quickly run out of resources.

-- 
View this message in context: 
http://old.nabble.com/GNUmed-web-interface---state-of-affairs-tp29173862p29182210.html
Sent from the GnuMed - Dev mailing list archive at Nabble.com.
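
The cookie check outlined in the message above, as an added example that is not code from the thread or from multitaskhttpd. The names `gate`, `session`, `cookiecheck` and `backends` are hypothetical. Two things are assumptions beyond the message: the redirect appends a marker parameter so the re-connect can be recognised (the message says the exact same URL), and the cookie is HMAC-signed so the proxy holds no state until the cookie comes back.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET = secrets.token_bytes(32)  # per-proxy signing key (assumption)
COOKIE = "session"                # hypothetical cookie name
MARKER = "cookiecheck"            # hypothetical marker identifying the re-connect
backends = {}                     # session id -> back-end process (stand-in string)

def _sign(sid):
    return hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()

def _valid_sid(cookie_header):
    """Return the session id if the Cookie header carries a cookie we signed."""
    jar = SimpleCookie(cookie_header or "")
    if COOKIE not in jar:
        return None
    sid, _, mac = jar[COOKIE].value.partition(".")
    ok = hmac.compare_digest(mac.encode(), _sign(sid).encode())
    return sid if ok else None

def gate(url, cookie_header):
    """Decide what the proxy does with one request: (status, headers, action)."""
    sid = _valid_sid(cookie_header)
    if sid is not None:
        # Cookie came back: only now is a back-end process allocated.
        backends.setdefault(sid, "backend-for-" + sid)
        return 200, {}, "forward"
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if (MARKER, "1") in query:
        # Re-connect arrived without the cookie: refuse and allocate nothing.
        return 403, {}, "cookies must be allowed!"
    # First contact: set a signed cookie, redirect to the same URL plus marker.
    sid = secrets.token_urlsafe(16)
    target = urlunsplit(parts._replace(query=urlencode(query + [(MARKER, "1")])))
    cookie = f"{COOKIE}={sid}.{_sign(sid)}; Path=/; HttpOnly; SameSite=Lax"
    return 302, {"Location": target, "Set-Cookie": cookie}, "redirect"
```

A client that never returns the cookie costs the proxy one redirect and one error page, and `backends` stays empty for it.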



