Thanks Matthew, you're right. This should work.
Bests,
Neil
________________________________
From: Matthew Sherborne <[email protected]>
To: Neil D'Souza <[email protected]>
Cc: "[email protected]"
<[email protected]>
Sent: Friday, September 9, 2011 4:10 AM
Subject: Re: [Wt-interest] Persistent sessions accross start/stop
Hi Neil,
Sorry, I probably sent you down the too complicated path to feed my ego.
All you need is:
WApplication::setCookie: http://www.webtoolkit.eu/wt/doc/reference/html/classWt_1_1WApplication.html#a0aa2703da36531cf1773d3e756791bf6
Then you can save what ever info you want on the clients' computer I guess, and
get it back later with getCookie.
Otherwise .. just use the DB or a text file or something to remember .. cookie
value X means Y.
If you're gonna use the DB or text file and there may be some security
concerns, you might want to use WRandom (pretty new addition) to generate a big
long random value for the cookie, so hackers don't just try and guess cookie
values to steal someone elses info. Also there's my patch to Wt library that
adds a single extra bool to setCookie to flip on the 'secure'
flag: https://github.com/matiu2/witty-plus/blob/master/wt.patch (plus some
other stuff).
Cookie flags (httponly, and secure) are described
here: http://michael-coates.blogspot.com/2010/12/study-of-httponly-and-secure-cookie.html
basically httponly means you can't set it using JS that someone injects into
some content on your site or via a browser plugin.
and secure means if you serve the cookie via https .. you can't read it with
http (so some man in the middle can't read the cookie basically).
That's from memory, so I might be wrong :)
Kind Regards,
Matthew Sherborne
On Thu, Sep 8, 2011 at 11:50 PM, Neil D'Souza <[email protected]> wrote:
Hi Matthew,
>
>
>
> I initially thought that what from what you have done, it would be easy to
>get persistent sessions going. But now I'm not so sure.
>
>
> It seems handleRequest in WebController does the session creation. The
>callback function "createApplication" which we pass to WRun creates sessions
>and is somehow invoked each time a new session is created.
>
>
>
> When the application is stopped and then re-started, we need some kind of
>a hook into WRun to get createApplication to be called, Once for each
>persistent session that existed before. Then we change the session ID of each
>using the changeSessionId call exposed. This method would probably be wasteful
>of resources.
>
>
>
> the sessions are stored here: WebController.h
>
>typedef std::map<std::string, boost::shared_ptr<WebSession> > SessionMap;
> SessionMap sessions_;
>
> The other option is to have a different type of hook function, where, we
>check the incoming request for a cookie, specific to our app, then check that
>cookie is valid in our persistent list, and when creating the WebApplication
>pass our session id to it.
>
>
>
> I will get back to you with whatever I find.
>
>
>
> I have wt-3.1.10 and noticed that it does not have the WLink file - that
>is new, it seems. I did not want to do a make install with the cloned git
>version. I tried setting the library libwt with the ccmake utility, however I
>cannot set the Header file directory as an option. I have tried cmake in the
>past, but could not get it to work the way I wanted it. When compiling some
>yacc grammars, I wanted it to put the generated code (.cpp, .hpp) files in the
>source directory, but it kept putting the files in the output directory.
>Anyways I am not very good with cmake. Can you tell me how to pass the Wt
>include dir for your app from the cloned repository and not the standard
>locations. I can of course always write a custom makfile, but it is possible
>others will also want to test your application in the same way.
>
>
>
> the path is /home/nxd/Download/wt
>
>
>
>>
>> I deploy my app running as root without being behind any webservers or
anything .. it has a single process, but is multi threaded. hitting the 3 urls
it has now with seige at 1000
>> concurrent users for 2 minutes, it
does about 648 req/sec on a cheapo 256 MB of RAM VPS. It sits at about
12 MB when idle and gets up to about 38 MB when being seiged.
>
>
>This is good news for me. I was thinking of different ways of deploying. The
>easiest would be having a master web server doing url re-writing, and
>redirecting to individual webservers running of different port numbers. I
>wanted to make these webservers wthttpd servers. I think if the wthttpd server
>can handle 1000 reqs/sec I should have no trouble .
>
>
>Kind Regards,
>Neil
>
>
>
>
>
>________________________________
>From: Matthew Sherborne <[email protected]>
>To: Neil D'Souza <[email protected]>; [email protected]
>Sent: Thursday, September 8, 2011 6:31 AM
>Subject: Re: [Wt-interest] Persistent sessions accross start/stop
>
>
>
>Hi Neil,
>
>
>With persistent connections have a look at my code
>here: https://github.com/matiu2/witty-plus/tree/master/base-app/lib
>
>
>This class handles the setting and getting of the
>cookies: https://github.com/matiu2/witty-plus/blob/master/base-app/lib/SessionHandle.hpp
>
>
>I use an in memory map of cookie to session
>info: https://github.com/matiu2/witty-plus/blob/master/base-app/lib/MemorySessionStore.hpp
>
>
>But it should be a lot easier to write a DB stored map, as you woudn't have to
>worry about being hit by multiple threads.
>
>
>----
>
>
>2nd question and 3rd questions:
>
>
>I deploy my app running as root without being behind any webservers or
>anything .. it has a single process, but is multi threaded. hitting the 3 urls
>it has now with seige at 1000 concurrent users for 2 minutes, it does about
>648 req/sec on a cheapo 256 MB of RAM VPS. It sits at about 12 MB when idle
>and gets up to about 38 MB when being seiged.
>
>
>when I had it deployed behind nginx and fcgi .. I had it compiled with most of
>the worky bits in .so (dll) files and a really skinny stub of an executable ..
>so that most of the code/memory would be shared between the processes.
>
>
>Good luck :)
>
>
>Matthew Sherborne
>
>
>
>
>On Thu, Sep 8, 2011 at 3:00 AM, Neil D'Souza <[email protected]> wrote:
>
>Dear All,
>>
>>
>> I am developing a witty web app, open source. It compiles surveys to c++
>>and uses the Wt for web.
>>
>>
>> One of the problems I will face in the near future is:
>>
>>
>> we send out links to users to take a survey. Wt creates a session. Now,
>>maybe due to a programming bug, the survey needs to be taken down, recompiled
>>and restarted. The old session information is lost and the user may have to
>>retake the survey from scratch. Currently what I am doing is using
>>sessionId() call to save the session in map and load the appropriate survey
>>when the user comes in. However when the app restarts, i want to be able to
>>persist this data to disk and have Wt reload this information if it is
>>present in a special file, or a file passed as an option to wt. This way I
>>will be able to load the survey status appropriately. I can use a custom
>>signal to trigger the app to save the data to disk, or save it one at a time,
>>when sessions are created.
>>
>>
>>
>> How do I do this with Wt?
>>
>>
>> 2nd question:
>>
>> I ran my test survey and found it to be using 4 Mb of ram - valgrind
>>numbers. I then ran the hello world application and found it to be using
>>about 3 Mb - so my code is using the remaining 1 Mb. Also I hit the server
>>for parallel connections - and each session is using 4 Mb. If I have many
>>sessions running, the memory usage will be quite high. Are there any memory
>>pools which are created, which can be controlled by external parameters?
>>
>>
>> 3rd question:
>>
>>
>> For some reason I have it in my head that the wthttpd server cannot
>>handle many connections in parallel. I know that fastcgi offers great
>>performance in such scenarios. Maybe I read the note on wthttpd in the older
>>documentation , or maybe I'm just plain wrong. However I would like to ask,
>>how many connections can wthttpd handle before performance becomes bad.
>>
>>
>> If you would like me to post questions 2 and 3 as separate items, please
>>let me know.
>>
>>
>> Many thanks for your help in advance.
>>
>>
>>
>>Kind Regards,
>>Neil
>>
>>
>>
>>
>>
>>
>>
>>------------------------------------------------------------------------------
>>Using storage to extend the benefits of virtualization and iSCSI
>>Virtualization increases hardware utilization and delivers a new level of
>>agility. Learn what those decisions are and how to modernize your storage
>>and backup environments for virtualization.
>>http://www.accelacomm.com/jaw/sfnl/114/51434361/
>>_______________________________________________
>>witty-interest mailing list
>>[email protected]
>>https://lists.sourceforge.net/lists/listinfo/witty-interest
>>
>>
>
>
>
------------------------------------------------------------------------------
Why Cloud-Based Security and Archiving Make Sense
Osterman Research conducted this study that outlines how and why cloud
computing security and archiving is rapidly being adopted across the IT
space for its ease of implementation, lower cost, and increased
reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
_______________________________________________
witty-interest mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/witty-interest
