((( [logo]Racket )))Need Help?
AboutDownloadDocumentationPLaneTCommunityLearning

[plt-scheme] session info in web server applications

From: Todd O'Bryan (toddobryan at gmail.com)
Date: Fri Nov 6 09:03:48 EST 2009		 
Something like this would be lovely. If you have time to make it
available, that would be great.

I feel like I spend all my time asking this group for help without
providing much back, but every time I get a chance to start writing
code again, I get distracted by writing a test, or grading a test, or
writing a project, or grading a project, or ... you get the picture.

Todd

On Fri, Nov 6, 2009 at 4:48 AM, Dave Gurnell <d.j.gurnell at gmail.com> wrote:
> FWIW: We've put together a simple little library for this called "session
> cells":
>
>  - cookie stores a random "session ID";
>  - each session cell is a struct with a "cell ID" in it;
>
>  - there's a global hash table of session IDs to "session tables";
>  - a session table is a hash of cell IDs to values.
>
> I like this solution for the simplicity of the interface and the consistency
> with web cells.
> Two things that require careful thought:
>
>  - setting up the session cookie (a dispatcher stage would be good for
> this);
>  - garbage collection (we use a several hour timeout... there may be a
> better approach).
>
> Our code is all rolled up as part of a larger web toolkit but it wouldn't
> take long to extract
> if you're interested.
>
> -- Dave
>
> Jay McCarthy wrote:
>
>> Email =)
>>
>> Jay
>>
>> On Thu, Nov 5, 2009 at 5:47 PM, David Storrs <david.storrs at gmail.com>
>> wrote:
>>>
>>>
>>> On Thu, Nov 5, 2009 at 5:06 AM, Jay McCarthy <jay.mccarthy at gmail.com>
>>> wrote:
>>>>
>>>> The standard thing [for sessions] is to use a parameter that the
>>>> continuation
>>>> captures (in the URL) and a cookie that the browser holds as an
>>>> authenticator. In the FAQ I link to something that talks about doing
>>>> cookies as authenticators correctly.
>>>>
>>>> Jay
>>>
>>> This is enough of a FAQ that it should probably be a standard web-server
>>> module.  I can take a look at our code base and see if the auth / session
>>> parts can be easily packaged up and contributed back to core, or if they
>>> are
>>> too wound into our business logic.  Assuming they can be broken out,
>>> what's
>>> the best way to get the code to you, Jay?
>>>
>>> Dave
>>>
>>
>>
>>
>> --
>> Jay McCarthy <jay at cs.byu.edu>
>> Assistant Professor / Brigham Young University
>> http://teammccarthy.org/jay
>>
>> "The glory of God is Intelligence" - D&C 93
>> _________________________________________________
>>  For list-related administrative tasks:
>>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme
>
> _________________________________________________
>  For list-related administrative tasks:
>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme
>
Posted on the users mailing list.