[plt-scheme] session info in web server applications

FWIW: We've put together a simple little library for this called  
"session cells":

   - cookie stores a random "session ID";
   - each session cell is a struct with a "cell ID" in it;

   - there's a global hash table of session IDs to "session tables";
   - a session table is a hash of cell IDs to values.

I like this solution for the simplicity of the interface and the  
consistency with web cells.
Two things that require careful thought:

   - setting up the session cookie (a dispatcher stage would be good  
for this);
   - garbage collection (we use a several hour timeout... there may be  
a better approach).

Our code is all rolled up as part of a larger web toolkit but it  
wouldn't take long to extract
if you're interested.

-- Dave

Jay McCarthy wrote:

> Email =)
>
> Jay
>
> On Thu, Nov 5, 2009 at 5:47 PM, David Storrs  
> <david.storrs at gmail.com> wrote:
>>
>>
>> On Thu, Nov 5, 2009 at 5:06 AM, Jay McCarthy  
>> <jay.mccarthy at gmail.com> wrote:
>>>
>>> The standard thing [for sessions] is to use a parameter that the
>>> continuation
>>> captures (in the URL) and a cookie that the browser holds as an
>>> authenticator. In the FAQ I link to something that talks about doing
>>> cookies as authenticators correctly.
>>>
>>> Jay
>>
>> This is enough of a FAQ that it should probably be a standard web- 
>> server
>> module.  I can take a look at our code base and see if the auth /  
>> session
>> parts can be easily packaged up and contributed back to core, or if  
>> they are
>> too wound into our business logic.  Assuming they can be broken  
>> out, what's
>> the best way to get the code to you, Jay?
>>
>> Dave
>>
>
>
>
> -- 
> Jay McCarthy <jay at cs.byu.edu>
> Assistant Professor / Brigham Young University
> http://teammccarthy.org/jay
>
> "The glory of God is Intelligence" - D&C 93
> _________________________________________________
>  For list-related administrative tasks:
>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme