[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] GNUmed web interface - state of affairs

From: lkcl
Subject: Re: [Gnumed-devel] GNUmed web interface - state of affairs
Date: Fri, 16 Jul 2010 03:29:56 -0700 (PDT)

Jim Busser wrote:
> On 2010-07-15, at 7:47 AM, Sebastian Hilbert wrote:
>> as long as
>> the user does not clear the browser's cache, the user will always be
>> connected to the exact same back-end web server process.
> Will the backend need a special table in which to store these cookies?
in ordinary web application frameworks, typically yes.  however with
multitaskhttpd the whole point is that the cookies are in-memory, single
process, accessible across *all* incoming requests, and so the "need" to
store the cookies in some "special table", because you have no idea which
"thread" or "process" will be dealing with a particular request, is entirely

> Is the need for permanent cookies or (for example) would once-a-day
> cookies be sufficient?
the lifetime of the cookie needs to be as great as the application-specific
timeout period specified for logins / idle activity.

> If the backend cannot know which cookies will never again be used, because
> the user
> may upgrade a browser, without bringing forward the cookies
> may use a variety of browsers, and not use them again
> may use a guest machine, and never use it again (risk)
that's fine.  after an application-specific timeout, the back-end process
will die, problem solved.

> may turn off cookies and generate new ones
>       (what happens to the old browser side cookies?)
> should the server be designed to refuse connections from browsers that
> will not accept cookies, and to periodically (daily) flush all cookies?


 exactly how that can be achieved is tricky.  it will almost certainly have
to be a job done by the proxy itself, perhaps by:

* setting a cookie
* responding with a "REDIRECT" with the exact same URL
* seeing if the cookie was set in the re-connect
* if not, throw up an "error page" saying "cookies must be allowed!"
* if yes, allow the request through to the proxy

if you allow non-cookie-accepting browsers through, you're in deep shit. 
each request coming through will result in yet another permanent back-end
process being created, and the server will quickly be run out of resources.

View this message in context:
Sent from the GnuMed - Dev mailing list archive at

reply via email to

[Prev in Thread] Current Thread [Next in Thread]