L9 & Sessions

classic Classic list List threaded Threaded
31 messages Options
12
Reply | Threaded
Open this post in threaded view
|

L9 & Sessions

Marc Pinnell-3
Something seems to be different from L8 to L9 in regards to sessions. I am putting together my first large site in L9 and I need session tracking in this one. So, I call my session code first thing on each page.

My code:
        // Start the session
        session_start(
                $sesPublicName,
                -Expires = $sesTimeout,
                -UseCookie,
                -UseLink = false
                )

When you first hit the site (with no previous cookie there), I end up with "decorated" links. Why?

http://scsoccer.test/News/marcs+test/?-lassosession:Pages_CMS=3132BD7F-04AB-4B24-A9AB-8C140862D821

On subsequent loads, all is fine:

http://scsoccer.test/News/marcs+test/

Beyond having to find a way to deal with this unexpected bit on the end of the URL, won't this cause me grief with the various search engine bots out there? With uselink set to false, shouldn't it be completely suppressed?

Marc


Marc Pinnell
1027 Design
PO Box 990872
Redding, CA 96099-0872
530.941.4706
fax: 866.232.5300
www.1027Design.com



#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

stevepiercy
izzabug
http://www.lassosoft.com/rhinotrac?id=7771

I've seen chatter in LassoChat in AIM that this issue is being
worked on for the 9.3 beta.

There are several other session-related issues in the tracker, too.

The code sample below can be used to replicate the issue.  It
includes timestamps when adding fruit to a session.  It can be
replicated with or without ",-usecookie" at the end of the
fourth line.

I tried using a define_atend to strip off the session
decoration, but without success.  I guess there is another
internal-use-only define_atend that overrides mine.

[define_atend({content_body->replace(regexp('&-lassosession.*?"'),'"')})]

--steve

----------------------------------------------------
[
!var_defined('fruit') ? var(fruit) = map
if(web_request->param('session')->asstring == 'start') => {
     session_start(-name='cabbage',-expires=15,-cookieexpires=15,-usecookie)
     var(fruit) = map
     session_addvar(-name='cabbage','fruit')

else(web_request->param('fruit')->asstring->size)
     session_start(-name='cabbage',-expires=15,-cookieexpires=15)
     'before: ' + (var_defined('fruit') ? $fruit) +'<br>'
     $fruit->insert(date->format('%q') = web_request->param('fruit')->asstring)

else(web_request->param('session')->asstring == 'end')
     session_start(-name='cabbage',-expires=-999999,-cookieexpires=-999999)
     session_end(-name='cabbage')
     var(fruit) = map
     redirect_url(response_filepath)
}
]
[if(not session_id(-name='cabbage')->asstring->size) => {^]
<p><a href="?session=start">start/load session</a></p>
[else]
<p><a href="?session=end">end session</a></p>
<h3>Add a fruit to your session.</h3>
<ul>
[with i in array('Santa Rosa plum', 'Gala apple', 'Meyer lemon')
do => {^]
    <li><a href="?fruit=[#i]">[#i]</a></li>
[^}]
</ul>
[^}]

<h3>Session ID</h3>
<p>[session_id(-name='cabbage')]</p>
<h3>Session Fruits</h3>
<p>[var_defined('fruit') ? $fruit]</p>
<h3>Cookies</h3>
<p>
[with c in web_request->cookies do => {^
         #c + '<br>'
^}]
</p>
----------------------------------------------------



On 10/16/14 at 7:02 PM, [hidden email] (Marc
Pinnell) pronounced:

>Something seems to be different from L8 to L9 in regards to
>sessions. I am putting together my first large site in L9 and I
>need session tracking in this one. So, I call my session code
>first thing on each page.
>
>My code:
>// Start the session
>session_start(
>$sesPublicName,
>-Expires = $sesTimeout,
>-UseCookie,
>-UseLink = false
>)
>
>When you first hit the site (with no previous cookie there), I
>end up with "decorated" links. Why?
>
>http://scsoccer.test/News/marcs+test/?-lassosession:Pages_CMS=3132BD7F-04AB-4B24-A9AB-
>8C140862D821
>
>On subsequent loads, all is fine:
>
>http://scsoccer.test/News/marcs+test/
>
>Beyond having to find a way to deal with this unexpected bit on
>the end of the URL, won't this cause me grief with the various
>search engine bots out there? With uselink set to false,
>shouldn't it be completely suppressed?
>
>Marc
>
>
>Marc Pinnell
>1027 Design
>PO Box 990872
>Redding, CA 96099-0872
>530.941.4706
>fax: 866.232.5300
>www.1027Design.com
>
>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Jonathan Guthrie-3
On Oct 16, 2014, at 11:34 PM, Steve Piercy - Website Builder <[hidden email]> wrote:

> I've seen chatter in LassoChat in AIM that this issue is being worked on for the 9.3 beta.

Completely unrelated and out of context, please disregard, it's misinformation.


Jono

----------------------------
Jonathan Guthrie
[hidden email]
@iamjono
LassoSoft Inc.
AIM Chatroom: lassochat


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Steffan A. Cline
In reply to this post by Marc Pinnell-3
I too have seen this while clicking too quickly between items.

I've never been able to give a reproducible case though. Hopefully the
code that Steve posted will help them find and fix it.


Thanks,
Steffan

---------------------------------------------------------------
T E L  6 0 2 . 7 9 3 . 0 0 1 4 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
Steffan A. Cline   [hidden email]
http://www.ExecuChoice.net                 Phoenix, Arizona USA
                 
---------------------------------------------------------------






On 10/16/14, 7:02 PM, "Marc Pinnell" <[hidden email]> wrote:

>Something seems to be different from L8 to L9 in regards to sessions. I
>am putting together my first large site in L9 and I need session tracking
>in this one. So, I call my session code first thing on each page.
>
>My code:
> // Start the session
> session_start(
> $sesPublicName,
> -Expires = $sesTimeout,
> -UseCookie,
> -UseLink = false
> )
>
>When you first hit the site (with no previous cookie there), I end up
>with "decorated" links. Why?
>
>http://scsoccer.test/News/marcs+test/?-lassosession:Pages_CMS=3132BD7F-04A
>B-4B24-A9AB-8C140862D821
>
>On subsequent loads, all is fine:
>
>http://scsoccer.test/News/marcs+test/
>
>Beyond having to find a way to deal with this unexpected bit on the end
>of the URL, won't this cause me grief with the various search engine bots
>out there? With uselink set to false, shouldn't it be completely
>suppressed?
>
>Marc
>
>
>Marc Pinnell
>1027 Design
>PO Box 990872
>Redding, CA 96099-0872
>530.941.4706
>fax: 866.232.5300
>www.1027Design.com
>
>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>
>



#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Marc Pinnell-3
Argh!! I'm supposed to be launching this site tonight!! :(

Never expected this to be an issue. Sure under estimated the L9 learning curve on this site! Oh well, what's life without challenges!

So, the question is "Now what?".

marc


On Oct 16, 2014, at 9:34 PM, Steffan A. Cline <[hidden email]> wrote:

> I too have seen this while clicking too quickly between items.
>
> I've never been able to give a reproducible case though. Hopefully the
> code that Steve posted will help them find and fix it.
>
>
> Thanks,
> Steffan
>
> ---------------------------------------------------------------
> T E L  6 0 2 . 7 9 3 . 0 0 1 4 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
> Steffan A. Cline   [hidden email]
> http://www.ExecuChoice.net                 Phoenix, Arizona USA
>
> ---------------------------------------------------------------
>
>
>
>
>
>
> On 10/16/14, 7:02 PM, "Marc Pinnell" <[hidden email]> wrote:
>
>> Something seems to be different from L8 to L9 in regards to sessions. I
>> am putting together my first large site in L9 and I need session tracking
>> in this one. So, I call my session code first thing on each page.
>>
>> My code:
>> // Start the session
>> session_start(
>> $sesPublicName,
>> -Expires = $sesTimeout,
>> -UseCookie,
>> -UseLink = false
>> )
>>
>> When you first hit the site (with no previous cookie there), I end up
>> with "decorated" links. Why?
>>
>> http://scsoccer.test/News/marcs+test/?-lassosession:Pages_CMS=3132BD7F-04A
>> B-4B24-A9AB-8C140862D821
>>
>> On subsequent loads, all is fine:
>>
>> http://scsoccer.test/News/marcs+test/
>>
>> Beyond having to find a way to deal with this unexpected bit on the end
>> of the URL, won't this cause me grief with the various search engine bots
>> out there? With uselink set to false, shouldn't it be completely
>> suppressed?
>>
>> Marc
>>
>>
>> Marc Pinnell
>> 1027 Design
>> PO Box 990872
>> Redding, CA 96099-0872
>> 530.941.4706
>> fax: 866.232.5300
>> www.1027Design.com
>>
>>
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>>
>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

Marc Pinnell
1027 Design
PO Box 990872
Redding, CA 96099-0872
530.941.4706
fax: 866.232.5300
www.1027Design.com



#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Jonathan Guthrie-3
In reply to this post by Marc Pinnell-3
Do this instead then...

        session_start(
                $sesPublicName,
                -Expires = $sesTimeout,
                -UseCookie
                )

i.e. omit the -UseLink keyword completely.



On Oct 16, 2014, at 10:02 PM, Marc Pinnell <[hidden email]> wrote:

> session_start(
> $sesPublicName,
> -Expires = $sesTimeout,
> -UseCookie,
> -UseLink = false
> )

Jono

----------------------------
Jonathan Guthrie
[hidden email]
@iamjono
LassoSoft Inc.
AIM Chatroom: lassochat


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Marc Pinnell-3
That appears to be working. Swear I had tried that, but I'll keep an eye on it going forward.

Marc


On Oct 16, 2014, at 9:54 PM, Jonathan Guthrie <[hidden email]> wrote:

> Do this instead then...
>
> session_start(
> $sesPublicName,
> -Expires = $sesTimeout,
> -UseCookie
> )
>
> i.e. omit the -UseLink keyword completely.
>
>
>
> On Oct 16, 2014, at 10:02 PM, Marc Pinnell <[hidden email]> wrote:
>
>> session_start(
>> $sesPublicName,
>> -Expires = $sesTimeout,
>> -UseCookie,
>> -UseLink = false
>> )
>
> Jono
>
> ----------------------------
> Jonathan Guthrie
> [hidden email]
> @iamjono
> LassoSoft Inc.
> AIM Chatroom: lassochat
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

Marc Pinnell
1027 Design
PO Box 990872
Redding, CA 96099-0872
530.941.4706
fax: 866.232.5300
www.1027Design.com



#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

stevepiercy
In reply to this post by Jonathan Guthrie-3

On 10/17/14 at 12:54 AM, [hidden email] (Jonathan Guthrie) pronounced:

>Do this instead then...
>
>session_start(
>$sesPublicName,
>-Expires = $sesTimeout,
>-UseCookie
>)

Completely ignores my code sample that demonstrates the bug.  
Please disregard everything I write.  It's misinformation.

Switching to a helpful tone, to work around it, do a redirect
after the session starts.  See the code sample below, slightly
modified from before.  It's suboptimal, but I can't come up with
any other implementation to avoid link decoration on the first
page load after starting a session.

[
!var_defined('fruit') ? var(fruit) = map
local(fruit_before) = string
if(web_request->param('session')->asstring == 'start') => {
     session_start(-name='cabbage',-expires=15,-cookieexpires=15,-usecookie)
     var(fruit) = map
     session_addvar(-name='cabbage','fruit')
// new redirect to work around bug http://www.lassosoft.com/rhinotrac?id=7771
     redirect_url(response_filepath + '?session=load')

// new code block to handle redirect after starting a session
else(web_request->param('session')->asstring == 'load')
     session_start(-name='cabbage',-expires=15,-cookieexpires=15,-usecookie)

else(web_request->param('fruit')->asstring->size)
     session_start(-name='cabbage',-expires=15,-cookieexpires=15,-usecookie)
     #fruit_before = 'before: ' + (var_defined('fruit') ? $fruit)
     $fruit->insert(date->format('%q') = web_request->param('fruit')->asstring)

else(web_request->param('session')->asstring == 'end')
     session_start(-name='cabbage',-expires=-999999,-cookieexpires=-999999)
     session_end(-name='cabbage')
     var(fruit) = map
     redirect_url(response_filepath)
}
]
[if(not session_id(-name='cabbage')->asstring->size) => {^]
<p><a href="?session=start">start/load session</a></p>
[else]
<p><a href="?session=end">end session</a></p>
<h3>Add a fruit to your session.</h3>
<ul>
[with i in array('Santa Rosa plum', 'Gala apple', 'Meyer lemon')
do => {^]
    <li><a href="?fruit=[#i]">[#i]</a></li>
[^}]
</ul>
[^}]

<h3>Session ID</h3>
<p>[session_id(-name='cabbage')]</p>
<h3>Session Fruits</h3>
<p>[#fruit_before]</p>
<p>[var_defined('fruit') ? $fruit]</p>
<h3>Cookies</h3>
<p>
[with c in web_request->cookies do => {^
         #c + '<br>'
^}]
</p>
[define_atend({content_body->replace(regexp('&-lassosession.*?"'),'"')})]

--steve


>i.e. omit the -UseLink keyword completely.
>
>
>
>On Oct 16, 2014, at 10:02 PM, Marc Pinnell <[hidden email]> wrote:
>
>>session_start(
>>$sesPublicName,
>>-Expires = $sesTimeout,
>>-UseCookie,
>>-UseLink = false
>>)
>
>Jono
>
>----------------------------
>Jonathan Guthrie
>[hidden email]
>@iamjono
>LassoSoft Inc.
>AIM Chatroom: lassochat
>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Ke Carlton-3
In reply to this post by Jonathan Guthrie-3
If I recall correctly (also just tested) if you want links to not be linked
when cookies are not present you should set -useauto to false.

<?lasso
session_start(
'Test',
-Expires = 10,
-useAuto = false,
-UseCookie
)
?>

<a href="/index.htm">Test 1</a>

You can test this by removing all cookies and then blocking cookies on the
domain you're testing. The first and subsequent loads will not link the
hrefs, if you remove -useAuto = false they will be linked. I suspect
-useauto by default is true which is contrary to the docs, but is probably
the best default otherwise people will complain about sessions "not
working".

Ke

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

stevepiercy
On 10/17/14 at 8:44 PM, [hidden email] (Ke Carlton) pronounced:

>If I recall correctly (also just tested) if you want links to not be linked
>when cookies are not present you should set -useauto to false.
>
><?lasso
>session_start(
>'Test',
>-Expires = 10,
>-useAuto = false,
>-UseCookie
>)
>?>
>
><a href="/index.htm">Test 1</a>

Yup.  That does it for my code sample, too.

>You can test this by removing all cookies and then blocking cookies on the
>domain you're testing. The first and subsequent loads will not link the
>hrefs, if you remove -useAuto = false they will be linked. I suspect
>-useauto by default is true which is contrary to the docs, but is probably
>the best default otherwise people will complain about sessions "not
>working".

In these docs...
http://lassoguide.com/operations/sessions.html?#session_start
...the explanation of the behavior when using -useauto by itself
seems correct.  However the observed behavior when only
-usecookie is used and -useauto is omitted is not consistent
with the docs.  It appears that session_start uses -useauto
regardless of the usage of -usecookie in this case.

This sequence may help explain the behavior.

page request 1
--------------
no cookie exists
click link/button to start session
no cookie can be sent to lasso in the request header yet
lasso could not read a cookie, so it decorates links in the response
lasso sets a cookie in the browser in the response header

page request 2
--------------
cookie exists
click any old link
cookie is sent to lasso in the request header
lasso reads the cookie, so it does not decorate links in the response
lasso sets a cookie in the browser in the response header

The docs are incomplete here.
http://www.lassosoft.com/LassoDocs/languageReference/obj/session_start

I never caught this issue because, in my session manager, I do a
redirect after a successful login.  I also tend to avoid
sessions for anonymous users.

--steve

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Ke Carlton-3
None of your examples mentioned -useauto, so I'm not sure in what context
you mean "my code sample, too".

Regardless, there's already been too much noise about nothing much.

Ke

On 17 October 2014 22:02, Steve Piercy - Website Builder <
[hidden email]> wrote:

>
> Yup.  That does it for my code sample, too.
>
>
>>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

stevepiercy
On 10/17/14 at 10:12 PM, [hidden email] (Ke Carlton) pronounced:

>None of your examples mentioned -useauto, so I'm not sure in what context
>you mean "my code sample, too".

Adding -useauto=false to my code sample, and commenting out the
redirect stuff, achieves the expected behavior, too.

>Regardless, there's already been too much noise about nothing much.

Do you mean pointing out inconsistent and incomplete docs is
"too much noise about nothing much" (in which case I would
disagree with you), or something else?

--steve


>Ke
>
>On 17 October 2014 22:02, Steve Piercy - Website Builder <
>[hidden email]> wrote:
>
>>
>>Yup.  That does it for my code sample, too.
>>
>>
>>>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Jolle Carlestam-2
In reply to this post by Ke Carlton-3
For what it’s worth, I don’t use the built in Lasso 9 session handling anymore. Have rolled out my own.
I find the standard session handler burdened by some old pre Lasso 9 thinking and by being forced to be backwards compatible.

Some stuff I don’t like with the standard session handler:

Forcing me to use thread variables. From a best practices point of view we are recommended to use them sparingly and instead use local vars wherever possible. So the session handler should not force us to use thread variables.

The entire -useauto, -uselink, -usecookie fiddling and confusion.

The coding process for dealing with sessions is cumbersome and prone to mistakes and misunderstandings.
        Having to start a session in order to work with it
        Having to create variables and then assign them to the session
        When calling a var not having a safe way of knowing if this is data from a session or put there somewhere else
        Session data stored as a confusing and chatty XML object
        etc.


My own session handler is robust and easy to use.

Date is stored in maps, one for data and one for permissions.

Calling them is easy

session -> data(’data_key’)
-> returns the data asked for or void if not found

session -> permission(’edit_calendar’) or
session -> permission((:’ edit_calendar’, ’view_calendar’))
-> returns true or false depending on if the permission was set for this user or not.

All session data is stored in a DB, using DS. The permission and data maps are converted to json objects before being stored in the table row. On first call for a session the data populate a session object reversing the json objects to maps that will then be available for the rest of the thread process.

Storing data is similarly easy.

session -> data(’data_key’, ’Data Value')
session -> permission(’edit_calendar’, true|false)


Creating a new session is done when a user is successfully logged in.

session -> addsession(
        'session Name’,
        ’User ID’,
        map(), // permissions
        map(), // data
        expirevalue // integer, minutes the session should be active
)
This also sets a cookie used for further session tracking on subsequent page requests.

If a user has not been logged in any call for session info like data or permissions will return void or false. It will not get a hiccup and fail like standard session variable calls would.

HDB
Jolle

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Jonathan Guthrie-3
In reply to this post by stevepiercy
On Oct 17, 2014, at 2:03 AM, Steve Piercy - Website Builder <[hidden email]> wrote:

> Completely ignores my code sample that demonstrates the bug.  Please disregard everything I write.  It's misinformation.

OK...

You mentioned that "I've seen chatter in LassoChat in AIM that this issue is being worked on for the 9.3 beta."

I quoted that in my reply as being the thing that people reading your email should ignore, as it's incorrect. The issue Tim Taplin raised in the beta program, which he is actively a part of, is that the session_result signature options seem to be inconsistent because of the changes to behaviour caused by the fixes to multiple dispatch. That's rather different to the uselink behaviour that was being discussed in this thread, so I was helpfully pointing out that readers should not confuse issues.

Jono

----------------------------
Jonathan Guthrie
[hidden email]
@iamjono
LassoSoft Inc.
AIM Chatroom: lassochat


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

decorior
In reply to this post by Jolle Carlestam-2
Is the something that could be posted to tagswap?

Since we all have to use sessions?

Deco
On Oct 17, 2014, at 5:08 AM, Jolle Carlestam <[hidden email]> wrote:

> For what it’s worth, I don’t use the built in Lasso 9 session handling anymore. Have rolled out my own.
> I find the standard session handler burdened by some old pre Lasso 9 thinking and by being forced to be backwards compatible.
>
> Some stuff I don’t like with the standard session handler:
>
> Forcing me to use thread variables. From a best practices point of view we are recommended to use them sparingly and instead use local vars wherever possible. So the session handler should not force us to use thread variables.
>
> The entire -useauto, -uselink, -usecookie fiddling and confusion.
>
> The coding process for dealing with sessions is cumbersome and prone to mistakes and misunderstandings.
> Having to start a session in order to work with it
> Having to create variables and then assign them to the session
> When calling a var not having a safe way of knowing if this is data from a session or put there somewhere else
> Session data stored as a confusing and chatty XML object
> etc.
>
>
> My own session handler is robust and easy to use.
>
> Date is stored in maps, one for data and one for permissions.
>
> Calling them is easy
>
> session -> data(’data_key’)
> -> returns the data asked for or void if not found
>
> session -> permission(’edit_calendar’) or
> session -> permission((:’ edit_calendar’, ’view_calendar’))
> -> returns true or false depending on if the permission was set for this user or not.
>
> All session data is stored in a DB, using DS. The permission and data maps are converted to json objects before being stored in the table row. On first call for a session the data populate a session object reversing the json objects to maps that will then be available for the rest of the thread process.
>
> Storing data is similarly easy.
>
> session -> data(’data_key’, ’Data Value')
> session -> permission(’edit_calendar’, true|false)
>
>
> Creating a new session is done when a user is successfully logged in.
>
> session -> addsession(
> 'session Name’,
> ’User ID’,
> map(), // permissions
> map(), // data
> expirevalue // integer, minutes the session should be active
> )
> This also sets a cookie used for further session tracking on subsequent page requests.
>
> If a user has not been logged in any call for session info like data or permissions will return void or false. It will not get a hiccup and fail like standard session variable calls would.
>
> HDB
> Jolle
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

stevepiercy
In reply to this post by Jonathan Guthrie-3
On 10/17/14 at 8:49 AM, [hidden email] (Jonathan Guthrie) pronounced:

>so I was helpfully pointing out

An elaboration in the first place, not afterward, would have
been helpful and saved face.  Helpful means giving aid or
assistance, not giving denials.  Your terse response was not helpful.

I hope you can look past this and realize that neither of our
original code samples solved the issue (they were essentially
the same, both omitting -useAuto = false, per Ke's correction).  
My original code sample, however, was intended to demonstrate
the issue with a reproducible example, not solve it.

Then in my follow up, I pointed out some possibly related issues
in the documentation (as Ke noted), session_start's
implementation, and when using a redirect (or not) after
starting a session.

I hope you can find some use for all this to understand what is
really at issue: implementation, docs, or something else.

--steve

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Marc Pinnell-3
In reply to this post by decorior
+1

Sent from my iPhone

> On Oct 17, 2014, at 6:09 AM, deco rior <[hidden email]> wrote:
>
> Is the something that could be posted to tagswap?
>
> Since we all have to use sessions?
>
> Deco
>> On Oct 17, 2014, at 5:08 AM, Jolle Carlestam <[hidden email]> wrote:
>>
>> For what it’s worth, I don’t use the built in Lasso 9 session handling anymore. Have rolled out my own.
>> I find the standard session handler burdened by some old pre Lasso 9 thinking and by being forced to be backwards compatible.
>>
>> Some stuff I don’t like with the standard session handler:
>>
>> Forcing me to use thread variables. From a best practices point of view we are recommended to use them sparingly and instead use local vars wherever possible. So the session handler should not force us to use thread variables.
>>
>> The entire -useauto, -uselink, -usecookie fiddling and confusion.
>>
>> The coding process for dealing with sessions is cumbersome and prone to mistakes and misunderstandings.
>>    Having to start a session in order to work with it
>>    Having to create variables and then assign them to the session
>>    When calling a var not having a safe way of knowing if this is data from a session or put there somewhere else
>>    Session data stored as a confusing and chatty XML object
>>    etc.
>>
>>
>> My own session handler is robust and easy to use.
>>
>> Date is stored in maps, one for data and one for permissions.
>>
>> Calling them is easy
>>
>> session -> data(’data_key’)
>> -> returns the data asked for or void if not found
>>
>> session -> permission(’edit_calendar’) or
>> session -> permission((:’ edit_calendar’, ’view_calendar’))
>> -> returns true or false depending on if the permission was set for this user or not.
>>
>> All session data is stored in a DB, using DS. The permission and data maps are converted to json objects before being stored in the table row. On first call for a session the data populate a session object reversing the json objects to maps that will then be available for the rest of the thread process.
>>
>> Storing data is similarly easy.
>>
>> session -> data(’data_key’, ’Data Value')
>> session -> permission(’edit_calendar’, true|false)
>>
>>
>> Creating a new session is done when a user is successfully logged in.
>>
>> session -> addsession(
>>    'session Name’,
>>    ’User ID’,
>>    map(), // permissions
>>    map(), // data
>>    expirevalue // integer, minutes the session should be active
>> )
>> This also sets a cookie used for further session tracking on subsequent page requests.
>>
>> If a user has not been logged in any call for session info like data or permissions will return void or false. It will not get a hiccup and fail like standard session variable calls would.
>>
>> HDB
>> Jolle
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Marc Pinnell-3
In reply to this post by stevepiercy
Can you elaborate on not setting sessions for anonymous users? That bit intrigues me. I've always just made a session upon first visit. It's basically blank until login, which always seemed a bit of a waste to me.

Sent from my iPhone

> On Oct 17, 2014, at 2:02 AM, Steve Piercy - Website Builder <[hidden email]> wrote:
>
> On 10/17/14 at 8:44 PM, [hidden email] (Ke Carlton) pronounced:
>
>> If I recall correctly (also just tested) if you want links to not be linked
>> when cookies are not present you should set -useauto to false.
>>
>> <?lasso
>> session_start(
>> 'Test',
>> -Expires = 10,
>> -useAuto = false,
>> -UseCookie
>> )
>> ?>
>>
>> <a href="/index.htm">Test 1</a>
>
> Yup.  That does it for my code sample, too.
>
>> You can test this by removing all cookies and then blocking cookies on the
>> domain you're testing. The first and subsequent loads will not link the
>> hrefs, if you remove -useAuto = false they will be linked. I suspect
>> -useauto by default is true which is contrary to the docs, but is probably
>> the best default otherwise people will complain about sessions "not
>> working".
>
> In these docs...
> http://lassoguide.com/operations/sessions.html?#session_start
> ...the explanation of the behavior when using -useauto by itself seems correct.  However the observed behavior when only -usecookie is used and -useauto is omitted is not consistent with the docs.  It appears that session_start uses -useauto regardless of the usage of -usecookie in this case.
>
> This sequence may help explain the behavior.
>
> page request 1
> --------------
> no cookie exists
> click link/button to start session
> no cookie can be sent to lasso in the request header yet
> lasso could not read a cookie, so it decorates links in the response
> lasso sets a cookie in the browser in the response header
>
> page request 2
> --------------
> cookie exists
> click any old link
> cookie is sent to lasso in the request header
> lasso reads the cookie, so it does not decorate links in the response
> lasso sets a cookie in the browser in the response header
>
> The docs are incomplete here.
> http://www.lassosoft.com/LassoDocs/languageReference/obj/session_start
>
> I never caught this issue because, in my session manager, I do a redirect after a successful login.  I also tend to avoid sessions for anonymous users.
>
> --steve
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy              Website Builder              Soquel, CA
> <[hidden email]>               <http://www.StevePiercy.com/>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
> the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

Jolle Carlestam-2
In reply to this post by decorior
17 okt 2014 kl. 15:09 skrev deco rior <[hidden email]>:

> Is the something that could be posted to tagswap?
>
> Since we all have to use sessions?
>
> Deco

17 okt 2014 kl. 17:08 skrev Marc Pinnell <[hidden email]>:

> +1

I did think about it when writing my reply. And since there has now been an interest expressed I’ll take a look at it. Thing is it is a bit intertwined with other bits and pieces of my ”framework” and need to be singled out to a standalone type. It would also require you to have a table for it and Ke’s DS installed.

I will come back in the matter.

HDB
Jolle

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: L9 & Sessions

stevepiercy
In reply to this post by Marc Pinnell-3
Well, I just don't.  There is nothing on which to elaborate.  I
only start a session when the u/p is valid (the user has
authenticated), at which point the user is no longer anonymous.

Maybe I don't understand the question.  So, let me turn it
around and ask you, for what purpose do you need to start a
session for an anonymous user?

--steve


On 10/17/14 at 8:10 AM, [hidden email] (Marc
Pinnell) pronounced:

>Can you elaborate on not setting sessions for anonymous users?
>That bit intrigues me. I've always just made a session upon
>first visit. It's basically blank until login, which always
>seemed a bit of a waste to me.
>
>Sent from my iPhone
>
>>On Oct 17, 2014, at 2:02 AM, Steve Piercy - Website Builder <[hidden email]>
>wrote:
>>
>>On 10/17/14 at 8:44 PM, [hidden email] (Ke Carlton) pronounced:
>>
>>> If I recall correctly (also just tested) if you want links to not be linked
>>> when cookies are not present you should set -useauto to false.
>>>   <?lasso
>>> session_start(
>>> 'Test',
>>> -Expires = 10,
>>> -useAuto = false,
>>> -UseCookie
>>> )
>>> ?>
>>>   <a href="/index.htm">Test 1</a>
>>
>>Yup.  That does it for my code sample, too.
>>
>>> You can test this by removing all cookies and then blocking cookies on the
>>> domain you're testing. The first and subsequent loads will not link the
>>> hrefs, if you remove -useAuto = false they will be linked. I suspect
>>> -useauto by default is true which is contrary to the docs, but is probably
>>> the best default otherwise people will complain about sessions "not
>>> working".
>>
>>In these docs...
>>http://lassoguide.com/operations/sessions.html?#session_start
>>...the explanation of the behavior when using -useauto by itself seems correct.
>However the observed behavior when only -usecookie is used and
>-useauto is omitted is not consistent with the docs.  It
>appears that session_start uses -useauto regardless of the
>usage of -usecookie in this case.
>>
>>This sequence may help explain the behavior.
>>
>>page request 1
>>--------------
>>no cookie exists
>>click link/button to start session
>>no cookie can be sent to lasso in the request header yet
>>lasso could not read a cookie, so it decorates links in the response
>>lasso sets a cookie in the browser in the response header
>>
>>page request 2
>>--------------
>>cookie exists
>>click any old link
>>cookie is sent to lasso in the request header
>>lasso reads the cookie, so it does not decorate links in the response
>>lasso sets a cookie in the browser in the response header
>>
>>The docs are incomplete here.
>>http://www.lassosoft.com/LassoDocs/languageReference/obj/session_start
>>
>>I never caught this issue because, in my session manager, I do a redirect after a
>successful login.  I also tend to avoid sessions for anonymous users.
>>
>>--steve
>>
>>-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>Steve Piercy              Website Builder              Soquel, CA
>><[hidden email]>               <http://www.StevePiercy.com/>
>>
>>
>>#############################################################
>>
>>This message is sent to you because you are subscribed to
>>the mailing list Lasso [hidden email]
>>Official list archives available at http://www.lassotalk.com
>>To unsubscribe, E-mail to: <[hidden email]>
>>Send administrative queries to  <[hidden email]>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
12