Fwd: timestamps and cookies (Re: [Demexp-dev] First XML RPC proxy available

[Augustin]

Hi,

Forwarding the message below to the list, and adding a comment about cookies 
and goodbye().

David, another solution to the cookie/goodbye problem I explained below, is to 
call login at the beginning of a page load, and call goodbye() at the end of 
the page load. I like this solution much less because:
1) in increases the number of calls to the server, 
2) increases the time to build a whole page because of the latency of the xml 
call.
3) I need to store the user's demexp password on the website (DB though I 
could also put it in $_SESSION[]).

So, all in all, it's difficult to completely avoid login() without goodbye() 
altogether.

Augustin.


----------  Forwarded Message  ----------

Subject: timestamps and cookies (Re: [Demexp-dev] First XML RPC proxy 
available
Date: Saturday 09 September 2006 11:44 pm
From: Augustin 
To: David MENTRE 

On Saturday 09 September 2006 11:12 pm, you wrote:
> I've worked on the XML RPC proxy and added following methods:
>
>  - get_timestamps()
>  - get_timestamps_decoded()
>  - get_vote()
>  - max_tag_id()
>  - tag_info()
>  - tag_set_of_question_group()
>  - goodbye()

great! Thanks.
There is enough to prevent me to write long emails for a long while :)

I have a question already: I have read in your pdf and in the list archives
the definition of your timestamp.
I saw that some timestamp == 0
is it for those questions that have never been updated since their creation?
Don't you store the timestamp of the date of creation?

I am asking because I'm thinking to have all questions sorted somewhere by
date of last update, but if all recently created questions have a timestamp
of 0, I cannot use your timestamp for this purpose, and I need to create my
own timestamp.


Also, about session cookies. I plan to have a login valid for the duration of
an http session.

>  To close the current connection opened with login(). It is *strongly*
>  recommended to do a goodbye() for each login().

I cannot know when the user will stop using the web site, so I have to store
the cookie somewhere so that I can call goodbye either just before the next
session starts, or using cron and cleaning the sessions of users who have
been innactive for an hour or more...

Hmmm... This forces me to store the cookie in two places. One, in the
$_SESSION['demexp_cookie'] variable: this value is definitively lost at the
end of the user's http session. Since I don't know how long the user is going
to browse the site, I don't get a chance to call goodbye.
So, I need to store the cookie in a second more permanent place (in the DB),
and check it against the $_SESSION cookie. If it matches, we are in the same
session. If not, I call goodbye() using the stored cookie, and ask the user
to login again onto the demexp server for the duration of the new http
session.

Would that do?

But, I have no way to know whether the same user has tried to login again
using a hard client before I got a chance to say goodbye(): Imagine the
scenario of a user wanting to compare the web client and the hard client. He
logs in through the web client and just after that logs in with the client.
This way, the user may have two different cookies at the same time (or would
the first cookie delivered be automatically be invalidated when the second is
served)
Would that be a problem for you? I cannot prevent that.



Augustin.

-------------------------------------------------------

-- 
http://www.wechange.org/
Because we and the world need to change.
 
http://www.reuniting.info/
Intimate Relationships, peace and harmony in the couple.

http://www.gnosis-usa.com/
Revolutionary Psychology, White Tantrism, Dream Yoga...

http://www.masquilier.org/
Condorcet, Approval alternative, better voting methods.