> I want users to stay logged into my site for extended periods of time
> (through server restarts, and browser restarts). By default Lift
> stores a User in a SessionVar so this doesn't get me there. I've
> configured jetty so the session cookie doesn't time out for 30 days,
> and I have a database table with a session id -> user id mapping,
Instead of using the http session id, you can maintain you own
login-session id and store this in a cookie. I.e.
1) On login, create cookie with id, add mapping id->user to table
2) On logout, clear the cookie, remove mapping from table
3) If you see a request without an http session, but with valid cookie,
lookup the user id in table and autologin the user
4) Periodically, clean table for entries more than 30 days old
/Jeppe
> Is it more dangerous to store the user's uniqueId in a cookie than to store another uniqueId that's associated with the
> user's uniqueId?
It is if your site has URLs like http://harryh.org/user/[uid]
-harryh
-harryh
-harryh
-harryh
-harryh
OK, made this change. Looks better now. Thx!
> Yeah, the recoeverUserId should be going against User.curUserId... that'll
> avoid the loading of the user.
Lift (well, I don't really care I suppose, but it's Lift right now).
> Are you expecting Lift or your servlet container to serve the static files?
Some are, but not all of them. I could do some reorganization in this
> Are your static files in well known locations (e.g., /images, /css, etc.)?
area if necessary.
-harryh
Hmm,, this must be something with extended sessions. This is some log
output from my app:
20:36:49.941 [qtp-963293928-4] INFO bootstrap.liftweb.DBVendor$ - Found connection in pool, size=1
20:36:49.942 [qtp-963293928-4] TRACE bootstrap.liftweb.DBVendor$ - Verifying DB connection:org.postgresql.jdbc4.Jdbc4Connection@63376afa
20:36:49.955 [qtp-963293928-4] TRACE bootstrap.liftweb.DBVendor$ - DB connection ok: org.postgresql.jdbc4.Jdbc4Connection@63376afa
20:36:49.961 [qtp-963293928-4] INFO query - >>> All queries took 5ms:
20:36:49.961 [qtp-963293928-4] INFO query - Exec query "SELECT users.id, users.firstname, users.lastname, users.email, users.locale, users.timezone, users.password_pw, users.password_slt, users.account_id, users.superuser, users.uniqueid, users.validated FROM users WHERE id = 2" : org.postgresql.jdbc4.Jdbc4ResultSet@34374ed5 took 3ms
20:36:49.961 [qtp-963293928-4] INFO query - <<< End queries
20:36:50.003 [qtp-963293928-4] INFO query - >>> All queries took 5ms:
20:36:50.006 [qtp-963293928-4] INFO query - Exec query "SELECT accounts.name, accounts.id FROM accounts WHERE id = 1" : org.postgresql.jdbc4.Jdbc4ResultSet@78d9ab8 took 5ms
20:36:50.006 [qtp-963293928-4] INFO query - <<< End queries
20:36:50.059 [qtp-963293928-4] TRACE bootstrap.liftweb.DBVendor$ - Releasing connection, size=1: org.postgresql.jdbc4.Jdbc4Connection@63376afa
20:36:50.062 [qtp-963293928-4] INFO lift - Service request (GET) / took 159 Milliseconds
20:36:50.111 [qtp-963293928-5] INFO lift - Service request (GET) /classpath/blueprint/print.css took 15 Milliseconds
Note that no db connection is acquired for blueprint.css (previous
versions would get one)
/Jeppe
>> btw... all the stuff related to serving css, etc. is done outside of theHmm,, this must be something with extended sessions.
>> user session state. This is in SNAPSHOT. Please give it a whirl and make
>> sure it's suiting your needs.
>
> This is totally my fault for not properly checking before M7, but I'm
> still seeing a database access when serving static files (css, images,
> js) when using extended sessions.
This is some log
output from my app:
20:36:49.941 [qtp-963293928-4] INFO bootstrap.liftweb.DBVendor$ - Found connection in pool, size=1
20:36:49.942 [qtp-963293928-4] TRACE bootstrap.liftweb.DBVendor$ - Verifying DB connection:org.postgresql.jdbc4.Jdbc4Connection@63376afa
20:36:49.955 [qtp-963293928-4] TRACE bootstrap.liftweb.DBVendor$ - DB connection ok: org.postgresql.jdbc4.Jdbc4Connection@63376afa
20:36:49.961 [qtp-963293928-4] INFO query - >>> All queries took 5ms:
20:36:49.961 [qtp-963293928-4] INFO query - Exec query "SELECT users.id, users.firstname, users.lastname, users.email, users.locale, users.timezone, users.password_pw, users.password_slt, users.account_id, users.superuser, users.uniqueid, users.validated FROM users WHERE id = 2" : org.postgresql.jdbc4.Jdbc4ResultSet@34374ed5 took 3ms
20:36:49.961 [qtp-963293928-4] INFO query - <<< End queries
20:36:50.003 [qtp-963293928-4] INFO query - >>> All queries took 5ms:
20:36:50.006 [qtp-963293928-4] INFO query - Exec query "SELECT accounts.name, accounts.id FROM accounts WHERE id = 1" : org.postgresql.jdbc4.Jdbc4ResultSet@78d9ab8 took 5ms
20:36:50.006 [qtp-963293928-4] INFO query - <<< End queries
20:36:50.059 [qtp-963293928-4] TRACE bootstrap.liftweb.DBVendor$ - Releasing connection, size=1: org.postgresql.jdbc4.Jdbc4Connection@63376afa
20:36:50.062 [qtp-963293928-4] INFO lift - Service request (GET) / took 159 Milliseconds
20:36:50.111 [qtp-963293928-5] INFO lift - Service request (GET) /classpath/blueprint/print.css took 15 Milliseconds
Note that no db connection is acquired for blueprint.css (previous
versions would get one)
/Jeppe
-harryh