[AWS] AWS.Session.Save problems
Thomas Løcke
thomas.granvej6 at gmail.com
Mon Nov 26 13:33:48 CET 2012
I had a similar issue where sessions could be tampered with between calling
session save and actually stopping the server. I "solved" it by setting a
Not Found dispatcher for the AWS server just before I saved the sessions.
This made sure that no users could tamper with the sessions between session
save and the actual server shutdown.
I'm not entirely sure how great I think my solution is, but it appears to
do the trick.
An optimal solution, IMHO, would be to allow calling session save _after_
the HTTP server has been shut down.
On Fri, Nov 23, 2012 at 1:50 PM, Jacob Sparre Andersen <sparre at nbi.dk>wrote:
> While I was testing my OpenID demo I noticed a problem with
> AWS.Session.Save; it didn't save anything.
>
> The three (first) commits in <http://repositories.jacob-**
> sparre.dk/aws.session.save-**and-load-test/<http://repositories.jacob-sparre.dk/aws.session.save-and-load-test/>>
> show:
>
> 1649112: What doesn't work.
>
> 9dc3b54: What works, but risks information loss.
>
> 204349e: What works, but makes the application hang once the
> web server is stopped.
>
> Greetings,
>
> Jacob
> --
> Statistics is like a bikini - what it shows is very suggestive,
> but the most important stuff is still hidden.
> ______________________________**_________________
> AWS mailing list
> AWS at lists.adacore.com
> http://lists.adacore.com/**mailman/listinfo/aws</no-more-mailman.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/aws/attachments/20121126/3ec56a37/attachment.html>
More information about the AWS
mailing list