Re: foaf.me and tab duplication and logout

1 view
Skip to first unread message

Melvin Carvalho

unread,
Mar 25, 2010, 6:22:47 PM3/25/10
to foa...@googlegroups.com, Story Henry


2010/3/25 Peter Williams <hom...@msn.com>

Try this:-

 

Goto foaf.me with IE8, note missing markup tab

 

try to login.

 

Release webid/cert (to foafssl.org)

 

Show activity tab, then markup tab (now present), then back to activity tab (empty typically), once logged into foaf.me

 

Duplicate tab (in IE)

 

Logout (on tab #2)

 

On only remaining tab #1, now view “edit markup” tab (which improperly renders post-;ogout), and note one can successfully update a change.

 

Though I don’t really expect ajax handlers to auto-update tab#1’s state (to reflect logout on tab#2), I do expect re-rendering/update on tab#1 to fail.

 

This is what you see in MSN land, if you use websso to get a session on the MSN messenger IM app, and then use a browser at another MSN logon page to force a second logon. It logs one off the first session (with a warning on the second that the multiple logons conditions is present, and the logout of one has occurred).

 

Now, there are some corner conditions, in which different tabs can specifically have different web sessions with different “tenants” – even on the same server-side URI namespace. This can correctly ensure logout of tenant X (in one tab) does not logout tenant Y (in other tab). This is all non-RESTful (as we found out the hardway), requiring a lot of carefully-managed multi-tenant server side logon state (especially when IE as the client, since all tabs share a session sever-side handle!).


Thanks peter, ive forwarded this to our mail list, hope you dont mind ...

 


Reply all
Reply to author
Forward
0 new messages