Persist session from user facet
12 views
Skip to first unread message
W.S. Hager
Nov 16, 2012, 6:06:15 PM11/16/12
to persevere...@googlegroups.com
Hi,
I'd like to persist the session from the client. I discovered I could do this by calling setCookie from pintura/jsgi/session, but I don't have access to the response. How can I access the response from my custom user facet?
Thanks a lot.
W.S. Hager
Nov 17, 2012, 11:50:33 AM11/17/12
to persevere...@googlegroups.com
So... of course I mean I want to be able to add some custom headers. I've edited pintura/jsgi/rest-store. It's not very elegant, so I hope someone else has a better solution.
Hi,
I'd like to persist the session from the client. I discovered I could do this by calling setCookie from pintura/jsgi/session, but I don't have access to the response. How can I access the response from my custom user facet?
Thanks a lot.
Ben Hockey
Nov 19, 2012, 11:28:33 AM11/19/12
to persevere...@googlegroups.com
i'm not sure what you're trying to do. can you maybe explain some more to help me understand?
pintura/jsgi/session adds a pintura-session cookie and it also exports a setSessionModel so that you can set your own model for sessions. in my usage this has been enough to do most things i've needed to do. it could be that whatever you want to do could be achieved via some other way too but it's hard to say unless i have some better idea of what you're trying to do.
also, one thing i'd add is that there's nothing stopping you from writing your own equivalent of pintura/pintura.js (within your project) to add in your own jsgi middleware or to customize the configuration of any of the existing ones. i tend to think of pintura/pintura.js as a template or starting point and i usually copy it into my project and use that copy so that i can customize as much as i want to. as an example of how i use this, in one project i've got a middleware that will check the incoming request and for certain URLs, if the session associated with the request has not been authenticated then i redirect the request to a login page. another example i have is that in my pintura.js i've replaced pintura/jsgi/pintura-header with my own copy of that file that also adds a header to the response with the username of the current user.
maybe these ideas are enough to get you thinking about how to solve your own problem.
thanks,
ben...
W.S. Hager
Nov 19, 2012, 11:51:45 AM11/19/12
to persevere...@googlegroups.com
Hi Ben,
Thanks for your answer. I modified pintura/jsgi/rest-store, but pintura-headers does seem like a better place for adding custom headers. I append customHeaders to the current request, send them and delete them. This gives me control over all response headers, but it may be overkill.
Just to clarify, Session (where the cookie is set) is called just once. When the session times out, the user must login again, but the session is not regenerated, so you cannot login again anymore. I think this is a bug. Also, I'd like the session not to time out when the user is not idle. The only way to prevent that (even when you could login again) would be to store the password clientside, and I obviously don't want to do that. So I added a "persist session" method to the authentication facet, that generates a new session for an existing user and updates the cookie. Only the username is copied to the new session. This may also not be safe, but it improves the user experience.
Perhaps you could have a look at the session regeneration. If the cookie is updated properly, it would leave only the persist method for me to add.
Thanks.
Wouter
Thanks for your answer. I modified pintura/jsgi/rest-store, but pintura-headers does seem like a better place for adding custom headers. I append customHeaders to the current request, send them and delete them. This gives me control over all response headers, but it may be overkill.
Just to clarify, Session (where the cookie is set) is called just once. When the session times out, the user must login again, but the session is not regenerated, so you cannot login again anymore. I think this is a bug. Also, I'd like the session not to time out when the user is not idle. The only way to prevent that (even when you could login again) would be to store the password clientside, and I obviously don't want to do that. So I added a "persist session" method to the authentication facet, that generates a new session for an existing user and updates the cookie. Only the username is copied to the new session. This may also not be safe, but it improves the user experience.
Perhaps you could have a look at the session regeneration. If the cookie is updated properly, it would leave only the persist method for me to add.
Thanks.
Wouter
--
You received this message because you are subscribed to the Google Groups "Persevere" group.
To view this discussion on the web visit https://groups.google.com/d/msg/persevere-framework/-/jJE7Cue5cbgJ.
To post to this group, send email to persevere...@googlegroups.com.
To unsubscribe from this group, send email to persevere-frame...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/persevere-framework?hl=en.
W.S. Hager
Nov 19, 2012, 7:55:36 PM11/19/12
to persevere...@googlegroups.com
Hmm, actually what I wrote before can't be right. Perhaps I need to set forceSession. Anyway, it's a bit oblique. I shall test some more.
Op 19 nov. 2012 17:51 schreef "W.S. Hager" <wsh...@gmail.com> het volgende:
Reply all
Reply to author
Forward
0 new messages