RE: [Mono-list] mod_mono sharing application session data
On Thu, 2004-07-29 at 13:14, Andrew Arnott wrote: > > This is very annoying. Suppose you have an application (as I will soon) > > where you have a Core module that supplies users, roles, etc and a > > login. From there you would travel to other modules which would of > > course need to know that your logged in (a cookie works - > > FormsAuthentication class). But suppose I set your Member object into > > Session within the Core module, the Foo module could not access it. So > > in fact I would have to check your cookie and retrieve again the Member > > object associated to that cookie from the database. Thus, an unecessary > > call to the database, and two instances of the same object sitting in > > session. Its a data integrity nightmare! > > In defense of your idea, it sounds very reasonable. Having a site made up of > several subdirectories doesn't mean it's a bad program to use the web as a > platform. Certainly sessions should span directories when it's the same web > app. IIS certainly treats it that way. > > I unfortunately can't help though, as I have not done any work with sessions > on Mono yet. I have done it extensively in IIS however, and eventually would > like to try porting it to Mono. I believe I've solved my annoying problem. It seems that the following structure of directories will share session information. / - application login /core /foo /bar But I was doing the following, which definitely did NOT work. /public - application login /core /foo /bar This does make sense - but the lack of documentation about any of this is extremely annoying. No where is this stated that I could find. But having thought about it, and related it to the way Web.config files load it makes perfect sense. Any ways, BLAH. Thanks. ~ Matthew ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
RE: [Mono-list] mod_mono sharing application session data
> This is very annoying. Suppose you have an application (as I will soon) > where you have a Core module that supplies users, roles, etc and a > login. From there you would travel to other modules which would of > course need to know that your logged in (a cookie works - > FormsAuthentication class). But suppose I set your Member object into > Session within the Core module, the Foo module could not access it. So > in fact I would have to check your cookie and retrieve again the Member > object associated to that cookie from the database. Thus, an unecessary > call to the database, and two instances of the same object sitting in > session. Its a data integrity nightmare! In defense of your idea, it sounds very reasonable. Having a site made up of several subdirectories doesn't mean it's a bad program to use the web as a platform. Certainly sessions should span directories when it's the same web app. IIS certainly treats it that way. I unfortunately can't help though, as I have not done any work with sessions on Mono yet. I have done it extensively in IIS however, and eventually would like to try porting it to Mono. smime.p7s Description: S/MIME cryptographic signature
Re: [Mono-list] mod_mono sharing application session data
Hello, On Thu, 2004-07-29 at 11:59, Tom Larsen wrote: > Aren't HttpSessions "keyed" to the Session IDs they set? In any event, > web applications traditionally operate in a disconnected state because > this is how web servers operate. One HTTP request has nothing to do with > another. You need to consider very carefully the idea of trying to make a > web app that goes against this. If you really need a very tightly tied > together system then the web isn't a good platform. > > Or are you asking more of a single sign on question? What is in the > HttpSession that you need to share? > > Tom Larsen > > On Thu, 29 Jul 2004, Matthew Metnetsky wrote: > > > I've searched google and found almost no information on this, so I > > figured I'd ask here. > > > > Has anyone had any luck of sharing HttpSession data between applications > > (basically directories) ? The site I'm beginning to build requires 1 > > login for multiple modules and I'd really rather not have a flat file > > structure for such a huge application. > > > > Any ideas? > > > > ~ Matthew > > As it seems, every directory is assigned a cookie-session id used to tie Session to an application/directory. The problem is that if I travel from one directory to another and check session its missing, because HttpSession seems to be directory/application specific. This is very annoying. Suppose you have an application (as I will soon) where you have a Core module that supplies users, roles, etc and a login. From there you would travel to other modules which would of course need to know that your logged in (a cookie works - FormsAuthentication class). But suppose I set your Member object into Session within the Core module, the Foo module could not access it. So in fact I would have to check your cookie and retrieve again the Member object associated to that cookie from the database. Thus, an unecessary call to the database, and two instances of the same object sitting in session. Its a data integrity nightmare! Any ideas, suggestions solutions? ~ Matthew P.S. Sadly, this must be a web application. ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
Re: [Mono-list] mod_mono sharing application session data
Hi, One secure solution would be doing custom digest authentication in an IHttpModule which is then valid for the various applications. The authentication module could then be shared by all applications and maybe rather than a flat file you could use a DB or LDAP for the back end. ;-) In addition, you could fall back to BASIC authentication if the digest is not supported (though I think all modern browsers support it nowadays). I did something like this a while back and though it was not for multiple apps, I think if you used the same 'realm' (see the spec.) for all your applications then it should work. There are a number of sample on how to do this in .NET out there. Here is one: http://www.eggheadcafe.com/articles/20040317.asp Regards, --chris On Thu, 29 Jul 2004, Matthew Metnetsky wrote: > I've searched google and found almost no information on this, so I > figured I'd ask here. > > Has anyone had any luck of sharing HttpSession data between applications > (basically directories) ? The site I'm beginning to build requires 1 > login for multiple modules and I'd really rather not have a flat file > structure for such a huge application. > > Any ideas? > > ~ Matthew > > ___ > Mono-list maillist - [EMAIL PROTECTED] > http://lists.ximian.com/mailman/listinfo/mono-list > ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
Re: [Mono-list] mod_mono sharing application session data
Aren't HttpSessions "keyed" to the Session IDs they set? In any event, web applications traditionally operate in a disconnected state because this is how web servers operate. One HTTP request has nothing to do with another. You need to consider very carefully the idea of trying to make a web app that goes against this. If you really need a very tightly tied together system then the web isn't a good platform. Or are you asking more of a single sign on question? What is in the HttpSession that you need to share? Tom Larsen On Thu, 29 Jul 2004, Matthew Metnetsky wrote: > I've searched google and found almost no information on this, so I > figured I'd ask here. > > Has anyone had any luck of sharing HttpSession data between applications > (basically directories) ? The site I'm beginning to build requires 1 > login for multiple modules and I'd really rather not have a flat file > structure for such a huge application. > > Any ideas? > > ~ Matthew > > ___ > Mono-list maillist - [EMAIL PROTECTED] > http://lists.ximian.com/mailman/listinfo/mono-list > ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
[Mono-list] mod_mono sharing application session data
I've searched google and found almost no information on this, so I figured I'd ask here. Has anyone had any luck of sharing HttpSession data between applications (basically directories) ? The site I'm beginning to build requires 1 login for multiple modules and I'd really rather not have a flat file structure for such a huge application. Any ideas? ~ Matthew ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
