Anjo,
sorry to be a bit slow, but please tell me if I am wrong:
restoreSessionWithID() below will now return a session object if THIS
instance has a session with that ID, and null if the request has no
session ID, or if the session ID does not match a session in this
instance (eg if the session ID is for a session in a different
instance).
So if I use existingSession() I will only get a non-null session for
requests that match an existing session in this instance.
But I was assuming that was the case already-- the documentation for
existingSession() says that is what it does. Am I missing something?
Was that broken? The fact that I am still getting sessions sometimes
when calling this suggests that something is broken.
Regards
Thomas
On 08/02/2008, at 7:39 AM, Anjo Krank wrote:
> + /**
> + * Returns the existing session if any is given in the form
> values or url.
> + */
> + public WOSession existingSession() {
> + String sessionID = _requestSessionID();
> + if(!super.hasSession() && sessionID != null)
> + WOApplication.application().restoreSessionWithID(sessionID,
> this);
> + return _session();
> + }
> +
> + /**
> + * Returns true if there is an existing session.
> + */
> + ..verride
> + public boolean hasSession() {
> + if(super.hasSession()) {
> + return true;
> + }
> + return existingSession() != null;
> + }
>
>
> Am 07.02.2008 um 21:25 schrieb Thomas:
>
>> Thanks, I discovered that. I am using hasSession(), which mostly
>> works, but there are still some new sessions being created. Still
>> investigating.
>>
>> What do you mean when you say you fixed it in Wonder? How did you
>> do that?
>>
>> Regards
>> Thomas
>>
>> On 07/02/2008, at 11:59 PM, Anjo Krank wrote:
>>
>>> FWIW, I just fixed that in Wonder.
>>>
>>> Context.hasSession() only check is the session has been actually
>>> set, ie. context.setSession() has been called. This has bitten me
>>> a few times before. If you are in a DA, there is existingSession()
>>> to check if there is a session.
>>>
>>> Cheers, Anjo
>>>
>>> Am 04.02.2008 um 06:15 schrieb Thomas:
>>>
>>>> Andrew,
>>>>
>>>> thanks for that. This works-- at least if an instance is set to
>>>> refuse new sessions, it will only serve a response from the
>>>> instance(s) NOT set to refuse new sessions.
>>>>
>>>> However, the adaptor seems to be ignoring the session ID in the
>>>> cookie. context().hasSession() always returns false even when
>>>> there is a valid session ID cookie.
>>>>
>>>> Just for posterity, here is what I did in the direct action
>>>> handler:
>>>>
>>>> if (!context().hasSession() &&
>>>> WOApplication.application().isRefusingNewSessions()) {
>>>> WOResponse response = new WOResponse();
>>>> // this will cause the adaptor to fail the request and try to
>>>> send it to another instance.
>>>> response.setStatus(302); // move temporarily
>>>> response.setHeader("true", "x-webobjects-refusing-redirection");
>>>> return response;
>>>> }
>>>>
>>>>
>>>>
>>>> On 04/02/2008, at 11:41 AM, Andrew Lindesay wrote:
>>>>
>>>>> Hello Thomas;
>>>>>
>>>>> I recently had a look in the apache adaptor source for this.
>>>>> Download my framework and take a look at;
>>>>>
>>>>> LEWOJSONRPCRequestHandler.handleRequest(..)
>>>>>
>>>>> Look for;
>>>>>
>>>>> LEWOStuffConstants.KEY_HEADER_WOREFUSINGREDIRECTION
>>>>>
>>>>> I'm not sure if there is a better way.
>>>>>
>>>>> cheers.
>>>>>
>>>>>> Google and the apple docs are surprisingly silent about this.
>>>>>>
>>>>>> I have an application where almost all access is for members
>>>>>> only, thus requiring login, but almost all pages are accessed
>>>>>> by direct action. Of course if I set "refuse new sessions"
>>>>>> because I've deployed a new version in another instance, it
>>>>>> does nothing because new users connect via direct action and
>>>>>> get a new session.
>>>>>>
>>>>>> I'm wondering what is the standard way of handling this? Should
>>>>>> I test for isRefusingNewSessions() and hasSession() and
>>>>>> redirect the visitor to the same URL, hoping that eventually
>>>>>> they will get another instance? Is there a better way?
>>>>>
>>>>> ___
>>>>> Andrew Lindesay
>>>>> technology : www.lindesay.co.nz
>>>>> business : www.silvereye.co.nz
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>
This archive was generated by hypermail 2.0.0 : Thu Feb 07 2008 - 16:18:04 EST