wiki:SessionManagement

-> http://proj.badc.rl.ac.uk/qesdi/wiki

Session Management

Currently the QESDI UI keeps its session via a long URL. This is convenient for testing and develpoment, but is likely to be to restrictive as we try to integrate the UI with other functions, such as the shopping basket and data download pages.

Options for storing session info:

(1) Cookies: Against: might expire at inconvenient times, cannot have multiple session in one terminal (e.g. multiple browser tabs for multiple projects)

For: no server side requirements

(2) server side session manager: Against: need to design and build it

For: very flexible

(3) CMS session manager: the QESDI UI is currently implemented to run within joomla, and will run within plone for IS-ENES, so usign the CMS session manager is problematic -- but it would be good to know a bit about how CMS session managers work in general.

What might a server side session manager do?

(1) Issue session ID. (2) Save session (a collection of {name,value} pairs). (3) Restore session. (4) Delete session.

For the QESDI UI we don't need security, but is the easiest way to set up session management to implement something Phil has already developed and switch the security off?