Re: need help with sessions

On Út, 2002-11-26 at 17:36, Terry Steichen wrote:
> Petr,
> 
> When you are using cookies for session management, if the user opens another
> browser window, it will use the same cookie as the first window.  If the
> user logs out in one window and logs in as a different user, the original
> window will now also use the new session.

I have been working on a patch for enhydra 5.0 that simply adds
something like a session ID to each URL. But not via
"URL;jsessionid=XXX?query" but as a part of the "query" - it's basically
a modification of my UrlRndPar that appends a random time stamp.

> If you pass the session id as
> part of the url (rather than via cookies), this isn't an issue.

I see. But I would like to keep using the cookies (it's simpler - e.g.
with applet-servlet communication). Unfortunately Enhydra does not have
a mode that would use both cookie and URL for passing the session id.

How you others do it? Simply switch the session handling to the URL and
forget about the cookie mode?
 
Anyway, I would like to hear your opinion on the setUser() vs
setSessionData(KEY) stuff. Do you use only the setUser() and keep all
the session variables in the User class or do you use setSessionData()
with a KEY - or even several different keys for different stuff in your
application? What's the difference between SessionData and User classes
when it comes to storing the session related info? Are they equivallent
or do they differ somehow in handling? And what was the original idea
behind this division for User and SessionData?

Petr