application state questions for Stateless Play! Framework

[Ali Ozan ?il]

Hi,

I am trying to learn Play! Framework with developing an complete application which will serve on GAE.

I am reading the document of Play! Framework since it is one good source. It is quite well written, thanks. 

However, you can suggest me additional sources to learn Play! Framework better, please.

After this introduction, I have a couple of questions about application state. I have managed to figure out with my experience from other frameworks but Play! Framework has stateless architecture.

• After user login, I am allowed to store only one string attribute of user object in session. How can I manage keep user object itself in session ? Should I get object from persistence layer with its Id in session before every request ? Is that good practice ?
  Maybe you should explain how to develop shopping cart application with Stateless Play! Framework. That example clarifies the point.
  
  
  
• Related to session question, after users make login to application, how can I know count of users currently logged in the application ?
  I want to reach the information of sessions currently run in my application and the user information stored in their sessions.
  Could you please give an example of building that on stateless Play! Framework?

I think answers of this questions would help lots of people in community. 

Thanks in advance,

Ozan.

[green]

On Mon, Jan 10, 2011 at 10:28 PM, Ali Ozan ?il <java...@gmail.com> wrote:

Hi,

I am trying to learn Play! Framework with developing an complete application which will serve on GAE.

I am reading the document of Play! Framework since it is one good source. It is quite well written, thanks. 

However, you can suggest me additional sources to learn Play! Framework better, please.

After this introduction, I have a couple of questions about application state. I have managed to figure out with my experience from other frameworks but Play! Framework has stateless architecture.

• After user login, I am allowed to store only one string attribute of user object in session. How can I manage keep user object itself in session ? Should I get object from persistence layer with its Id in session before every request ? Is that good practice ?
  

For the sake of simplicity (and reasonable performance), you can retrieve the object from persistent layer on every request. However, you can use Cache if you have real concern (usually you should not) on performance. 

• Maybe you should explain how to develop shopping cart application with Stateless Play! Framework. That example clarifies the point.
  

Just use cache or a temporary table to store the intermediate state of the shopping cart, indexed by the session id

• 
  
  
• Related to session question, after users make login to application, how can I know count of users currently logged in the application ?
  I want to reach the information of sessions currently run in my application and the user information stored in their sessions.
  Could you please give an example of building that on stateless Play! Framework?

Just one proposal: add one field to User model: User.isLoggedIn, in your login controller method, set that field to true for the relevant user; in the logoff controller method, reset that field to false. You could use JPA or other OR mapping layer to select from user user database where isLoggedIn is true. 

I think answers of this questions would help lots of people in community. 

Thanks in advance,

Ozan.

--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To post to this group, send email to play-fr...@googlegroups.com.
To unsubscribe from this group, send email to play-framewor...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.

[Erwan Loisant]

Hi,

On Mon, Jan 10, 2011 at 12:28, Ali Ozan ?il <java...@gmail.com> wrote:
> Related to session question, after users make login to application, how can
> I know count of users currently logged in the application ?
> I want to reach the information of sessions currently run in my application
> and the user information stored in their sessions.

I think the first question you should ask if why you need this
information. When you have server-side sessions it's important to
monitor the number of logged-in users and how much information you're
storing because you could run out of memory if too many users are
logged in simultaneously.

In a stateless application, you don't have this problem. And actually
with a stateless application there is no concept of "logged in users"
from a server point of view. Think carefully about what you want to
measure, and why. Do you need to measure usage? Is it number of
request / seconds? Number of logged in request / seconds?

--
Erwan Loisant

[elondo]

>Related to session question, after users make login to application, how
>can I know count of users currently logged in the application ?
>I want to reach the information of sessions currently run in my
>application and the user information stored in their sessions.
>Could you please give an example of building that on stateless Play!
>Framework?

how about having a "lastActivityTime" timestamp column in your user
table. You can assume the user is no longer active if s/he has not
been active for X number of seconds. So you can do a "select count(u)
from User u where u.lastActivityTime > ?" and pass crrent date - X
seconds?

On Jan 10, 11:28 am, "Ali Ozan ?il" <javat...@gmail.com> wrote:
> Hi,
> I am trying to learn Play! Framework with developing an complete application
> which will serve on GAE.
>
> I am reading the document of Play! Framework since it is one good source. It
> is quite well written, thanks.
> However, you can suggest me additional sources to learn Play! Framework
> better, please.
>
> After this introduction, I have a couple of questions about application
> state. I have managed to figure out with my experience from other frameworks
> but Play! Framework has stateless architecture.
>

>    - After user login, I am allowed to store only one string attribute of

>    user object in session. How can I manage keep user object itself in
>    session ? Should I get object from persistence layer with its Id in session
>    before every request ? Is that good practice ?
>    Maybe you should explain how to develop shopping cart application with
>    Stateless Play! Framework. That example clarifies the point.
>

>    - Related to session question, after users make login to application, how

[Ike]

On Monday, January 10, 2011 10:53:31 AM UTC-5, elondo wrote:

...

how about having a "lastActivityTime" timestamp column in your user
table. You can assume the user is no longer active if s/he has not
been active for X number of seconds. So you can do a "select count(u)
from User u where u.lastActivityTime > ?" and pass crrent date - X
seconds?

That may work for a small intranet app or a low traffic site but I wouldn't recommend it for a large, consumer-facing app, and it's still just a rough approximation. You can simulate something like a list of "logged in" users with some clever cache manipulations but if you absolutely need to have a real-time view of who's logged in you need a presence server like Jabber, or something similar.

[William Wong]

For small size user session data, you can serialize it to a string and store it as part of Play's user session data in the user's browser cookie.  Play encrypts the session data to prevent access to it from the browser-side.  The advantage is you don't need to worry about server-side storage for session data and is highly scalable for its distributed nature.  Cleanup is simple as the session data is removed when the session is expired.  The downside is small data size and the bandwidth cost to ship the data back and forth.

For large session data, you can store it in database/file/GADataStore/S3 and put Cache in front of it.  It has more backend cost and a bit more complicated.  Cleanup is more work since you have to clean up the session data when it's expired.

It's kind of expensive to track accurate logged-in user count.  You can have a table containing all active session timestamps, Table(UserId, SessionExpireTime).  Whenever a user logs in, add/update a record of the UserId and its session's expiration time.  Whenever a user has some request activity, update its SessionExpireTime in the table; you might want to batch the updates up in memory before writing it.  Whenever a user logged out, delete its record from the table.  To get active logged-in user, select count from table where the SessionExpireTime is within the max allowable session time.  You also need to periodically delete records where its SessionExpireTime has passed the max session time.

Rethink why you need this requirement.  It's costly to build and maintain.  It's probably better to count active unique user requests periodically, like counting the users making request in the 15-minute or hourly intervals.

On Mon, Jan 10, 2011 at 3:28 AM, Ali Ozan ?il <java...@gmail.com> wrote:

Hire

--

[Matt Hildebrand]

Just one correction:

Play encrypts the session data to prevent access to it from the browser-side.

Session contents are actually not encrypted.  Details are here:

http://www.playframework.org/documentation/1.1/security#sessions

(When the documentation says the session data is "signed", it's referring to HMACs, not digital signatures in the sense of public-key cryptography.)

If you really want some data to be encrypted, though, one way is to encrypt it yourself and store the encrypted representation in the session.  Play's Crypto class may be helpful for such things:

http://www.playframework.org/documentation/api/1.1/play/libs/Crypto.html

-Matt

[William Wong]

Thanks for the correction.  I thought I read it somewhere that it's encrypted.  Guess I was wrong.

--