Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Dancer2 per-window sessions?

by kikuchiyo (Hermit)
on Jul 01, 2019 at 16:34 UTC ( [id://11102246]=perlquestion: print w/replies, xml ) Need Help??

kikuchiyo has asked for the wisdom of the Perl Monks concerning the following question:

Hi.all;

I have a Dancer2 application for which I use the YAML session engine. Its purpose is to provide a simple GUI for certain system administration tasks at $work. The app is constructed so that the user first encounters a login page where he can enter his username and password, and the name of the server he wants to work on, and if the credentials are correct, the app displays the state of the various services running on the server and the actions available on them. (I'm deliberately vague here - the details are not really important.)

I use (abuse?) Dancer2's session mechanism to store all the relevant data from the server the user working on - and here is my problem. Dancer2's sessions are, in effect, per browser. So if the user opens my app on a browser tab, logs in to one server, then opens a second tab and attempts to log in to a different server, it won't work, because (at best) it will display the data from the existing session, or (at worst) behave in a confusing, incorrect way.

Is it possible to make the sessions per window (or more properly, per browser tab)? The closest example I've found is Dancer::Plugin::WindowSession, but that's an abandoned module for Dancer 1, apparently not ported to Dancer2.

Replies are listed 'Best First'.
Re: Dancer2 per-window sessions?
by afoken (Chancellor) on Jul 01, 2019 at 17:55 UTC
    The app is constructed so that the user first encounters a login page where he can enter his username and password, and the name of the server he wants to work on, [...] I use (abuse?) Dancer2's session mechanism to store all the relevant data from the server the user working on - and here is my problem. Dancer2's sessions are, in effect, per browser.

    Your problem is your login page. Dancer2's session's aren't per browser. They are per browser, server, and TCP port. If Dancer2 uses cookies for storing a session key (most likely it does), you can set the cookies for a subtree of the document tree. So if you construct your URLs to look like http://loginserver.example.com/session/littleserver/..., http://loginserver.example.com/session/bigserver/..., http://loginserver.example.com/session/otherserver/..., and so on, and set the cookies path to include the server name (i.e. /session/littleserver, /session/bigserver, ....), Dancer2 should not confuse the sessions.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
[reply]
      I haven't looked at Dancer 2, but Dancer 1 uses cookie-based sessions, so I feel comfortable assuming that Dancer 2 sessions are also cookie-based.

      While your suggestion of using more specific cookie paths is a good one, the OP should be aware that this would provide per-backend-server (or, more precisely, per-document-subtree) sessions, not per-tab sessions. So if, for example, you had two tabs open to bigserver, then those two tabs would still share a single session, even though it would be a separate session than the one in a third tab open to littleserver.

[reply]
Re: Dancer2 per-window sessions?
by afoken (Chancellor) on Jul 01, 2019 at 17:47 UTC

    HTTP knows nothing like windows or tabs, just a user agent. And that's a good thing. Did you know there are several user agents that do NOT run in a windowed environment? I'm thinking of links, lynx, and Arachne. Also, most smartphones don't use windows.

    So no, without very tricky hacks on the client side, you won't be able to have per-window sessions.

    Perhaps private browsing mode may work, it should isolate the visited website from the other websites.

    You could also create several Firefox profiles, and use several Firefox instances in parallel. You may need to add a command line parameter like "-no-remote" or something like that to prevent firefox reusing windows. (Or at least, it worked that way 10 years ago.)

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
[reply]
Re: Dancer2 per-window sessions? (just another variable, url rewriting, form nonce token , xsrf csrf)
by Anonymous Monk on Jul 02, 2019 at 07:47 UTC
[reply]
[d/l]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://11102246]
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2024-04-26 06:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found