Re: Wosid suppression broken in 5.4?
Re: Wosid suppression broken in 5.4?
- Subject: Re: Wosid suppression broken in 5.4?
- From: "Mr. Pierre Frisch" <email@hidden>
- Date: Thu, 20 Dec 2007 05:41:48 -0800
I am trying to find a solution along those lines. It is not very easy
because all those API used to hidden in WO 5.3 and are now public in
WO 5.4 to give you more control on the query dictionary so I have
quite a few constraints.
Pierre
--
Pierre Frisch
email@hidden
On Dec 20, 2007, at 5:19, Mike Schrag wrote:
No session exist before the call (typically a direct action)
or The session id is not stored in the URL (i.e. it is stored in
the cookie)
or There is a binding ?wosid=false
or The query dictionary contains a key wosid bound to Boolean.FALSE
It seems like the old behavior will really only be a problem if you
for some reason construct a fully qualified absolute URL to your own
application, but I would say 1) this is really rare -- definitely
the exception and 2) almost certainly if you did this, you did it
with the WO URL factories which would put the WOSID on the URL for
you anyway. Given that it seems like the exceptional case that you
are linking back to yourself and NOT using pageName/directActionName
OR one of the WO factory methods, it almost seems like if the URL is
absolute, then you could default to NOT do it and support "?
wosid=true" which would append the SID if all of the above
constraints are still true. For instance, if I pass in
Test : WOHyperlink {
href = "http://www.mysite.com/.../MyApp.woa/something";;
}
... this would be completely backwards compatible and behave as
expected. If I do
Test : WOHyperlink {
pageName = "SomeOtherPage";
?wosid=false;
}
... this would strip the SID off, and if I do
Test : WOHyperlink {
href = "http://www.mysite.com/.../MyApp.woa/something";;
?wosid = true;
}
... this would support the exception case of adding the session ID
to my absolute URL to my own application. To me, it makes sense
that you have to do a little extra work if you're outside of the
norm, which absolute urls to yourself seems like -- only an
intermediate level WO person I think would even know the methods to
call to even construct such a URL properly, so having them
understand ?wosid=true seems OK to me. Note that ?wosid=true I
think follows the exact same rules as above -- It only adds a
session id if you already have one, sessions are not in URLs, etc.
I think you would do ?wosid=session.id; if you want to force it to
happen.
ms
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden