Re: Refusing direct actions

From: Thomas (webobject..oomeranet.com.au)
Date: Thu Feb 07 2008 - 15:25:36 EST

  • Next message: Anjo Krank: "Re: Refusing direct actions"

    Thanks, I discovered that. I am using hasSession(), which mostly
    works, but there are still some new sessions being created. Still
    investigating.

    What do you mean when you say you fixed it in Wonder? How did you do
    that?

    Regards
    Thomas

    On 07/02/2008, at 11:59 PM, Anjo Krank wrote:

    > FWIW, I just fixed that in Wonder.
    >
    > Context.hasSession() only check is the session has been actually
    > set, ie. context.setSession() has been called. This has bitten me a
    > few times before. If you are in a DA, there is existingSession() to
    > check if there is a session.
    >
    > Cheers, Anjo
    >
    > Am 04.02.2008 um 06:15 schrieb Thomas:
    >
    >> Andrew,
    >>
    >> thanks for that. This works-- at least if an instance is set to
    >> refuse new sessions, it will only serve a response from the
    >> instance(s) NOT set to refuse new sessions.
    >>
    >> However, the adaptor seems to be ignoring the session ID in the
    >> cookie. context().hasSession() always returns false even when there
    >> is a valid session ID cookie.
    >>
    >> Just for posterity, here is what I did in the direct action handler:
    >>
    >> if (!context().hasSession() &&
    >> WOApplication.application().isRefusingNewSessions()) {
    >> WOResponse response = new WOResponse();
    >> // this will cause the adaptor to fail the request and try to send
    >> it to another instance.
    >> response.setStatus(302); // move temporarily
    >> response.setHeader("true", "x-webobjects-refusing-redirection");
    >> return response;
    >> }
    >>
    >>
    >>
    >> On 04/02/2008, at 11:41 AM, Andrew Lindesay wrote:
    >>
    >>> Hello Thomas;
    >>>
    >>> I recently had a look in the apache adaptor source for this.
    >>> Download my framework and take a look at;
    >>>
    >>> LEWOJSONRPCRequestHandler.handleRequest(..)
    >>>
    >>> Look for;
    >>>
    >>> LEWOStuffConstants.KEY_HEADER_WOREFUSINGREDIRECTION
    >>>
    >>> I'm not sure if there is a better way.
    >>>
    >>> cheers.
    >>>
    >>>> Google and the apple docs are surprisingly silent about this.
    >>>>
    >>>> I have an application where almost all access is for members
    >>>> only, thus requiring login, but almost all pages are accessed by
    >>>> direct action. Of course if I set "refuse new sessions" because
    >>>> I've deployed a new version in another instance, it does nothing
    >>>> because new users connect via direct action and get a new session.
    >>>>
    >>>> I'm wondering what is the standard way of handling this? Should I
    >>>> test for isRefusingNewSessions() and hasSession() and redirect
    >>>> the visitor to the same URL, hoping that eventually they will get
    >>>> another instance? Is there a better way?
    >>>
    >>> ___
    >>> Andrew Lindesay
    >>> technology : www.lindesay.co.nz
    >>> business : www.silvereye.co.nz
    >>>
    >>>
    >>>
    >>>
    >>
    >
    >



    This archive was generated by hypermail 2.0.0 : Thu Feb 07 2008 - 15:26:37 EST