Re: [Gnumed-devel] GNUmed web interface - state of affairs
From: lkcl
Subject: Re: [Gnumed-devel] GNUmed web interface - state of affairs
Date: Fri, 16 Jul 2010 03:29:56 -0700 (PDT)

Jim Busser wrote:
>
> On 2010-07-15, at 7:47 AM, Sebastian Hilbert wrote:
>
>> as long as
>> the user does not clear the browser's cache, the user will always be
>> connected to the exact same back-end web server process.
>
> Will the backend need a special table in which to store these cookies?
>
in ordinary web application frameworks, typically yes. however with
multitaskhttpd the whole point is that the cookies are in-memory, single
process, accessible across *all* incoming requests, and so the "need" to
store the cookies in some "special table", because you have no idea which
"thread" or "process" will be dealing with a particular request, is entirely
gone.
>
> Is the need for permanent cookies or (for example) would once-a-day
> cookies be sufficient?
>
the lifetime of the cookie needs to be as great as the application-specific
timeout period specified for logins / idle activity.
>
> If the backend cannot know which cookies will never again be used, because
> the user
>
> may upgrade a browser, without bringing forward the cookies
> may use a variety of browsers, and not use them again
> may use a guest machine, and never use it again (risk)
>
that's fine. after an application-specific timeout, the back-end process
will die, problem solved.
> may turn off cookies and generate new ones
> (what happens to the old browser side cookies?)
>
> should the server be designed to refuse connections from browsers that
> will not accept cookies, and to periodically (daily) flush all cookies?
>
yup.
exactly how that can be achieved is tricky. it will almost certainly have
to be a job done by the proxy itself, perhaps by:
* setting a cookie
* responding with a "REDIRECT" with the exact same URL
* seeing if the cookie was set in the re-connect
* if not, throw up an "error page" saying "cookies must be allowed!"
* if yes, allow the request through to the proxy
if you allow non-cookie-accepting browsers through, you're in deep shit.
each request coming through will result in yet another permanent back-end
process being created, and the server will quickly run out of resources.
--
View this message in context:
http://old.nabble.com/GNUmed-web-interface---state-of-affairs-tp29173862p29182210.html
Sent from the GnuMed - Dev mailing list archive at Nabble.com.
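
The cookie check outlined in the message above, written out in Python as an added example; it is not part of the original message and is not multitaskhttpd code. The cookie name, the `cookiecheck` query marker used to recognise the re-connect, and the HMAC signature that lets the proxy tell its own cookies from forged ones are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

COOKIE = "session"        # assumed cookie name
MARKER = "cookiecheck"    # assumed query marker that identifies the re-connect
KEY = secrets.token_bytes(32)  # per-process signing key, held in memory only

def _sign(sid):
    return hmac.new(KEY, sid.encode(), hashlib.sha256).hexdigest()

def new_cookie_value():
    """Random session id plus a MAC, so no table of issued ids is needed."""
    sid = secrets.token_urlsafe(32)
    return f"{sid}.{_sign(sid)}"

def has_valid_cookie(cookie_header):
    """True only for a cookie this proxy issued (unforgeable without KEY)."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if COOKIE not in jar:
        return False
    sid, _, mac = jar[COOKIE].value.partition(".")
    return bool(sid) and hmac.compare_digest(mac.encode(), _sign(sid).encode())

def gate(url, cookie_header=None):
    """Return (status, headers, action) for one request reaching the proxy."""
    if has_valid_cookie(cookie_header):
        return 200, {}, "forward"            # safe to reach a back-end process
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if any(name == MARKER for name, _ in query):
        # The re-connect arrived without our cookie: the browser refused it.
        return 403, {}, "error: cookies must be allowed"
    # First contact: set the cookie and redirect to the same URL plus marker.
    target = urlunsplit(parts._replace(query=urlencode(query + [(MARKER, "1")])))
    cookie = f"{COOKIE}={new_cookie_value()}; Path=/; HttpOnly; SameSite=Lax"
    return 302, {"Location": target, "Set-Cookie": cookie}, "redirect"
```

No back-end process is created on the redirect or error paths, so a client that never returns the cookie costs the server only two cheap responses.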