Chris McDonnough -- 03/03/2001, 16:51 :
Hi Jerome,
First question: Say my cookies are set to last 14 days, but my session data manager only stores session data for 60 minutes... What happens? Say a visitor comes, sets some preferences, leaves and comes back two days later. A new session object is created. Are the old cookies "imported" in the new object or is the data lost?
The data is lost. The data container timeout determines how long the data sticks around, not the cookie timeout (the cookie contains what you can think of as a "browser id" rather than a "session id", although the docs claim it's a sessionid... this is why the docs go into some explanation of this phenomenon). In many cases, it's desirable to use a session id as... well.. a session id, instead of trying to use it to associate data with a user for time immemorial. One common pattern is to use a session data object to store data about the user until they log in. Then when they log in, you copy the data from the session data object to an object associated with the user, and then clear the session data, considering the user-associated data canonical.
I have been thinking about this... There are several cases in which a site needs to track user information. In some cases, the site needs to store security-sensitive user info locally... Your current CST code fits that bill very nicely. But often, you just want to store user preferences. These preferences need not be secure so can be stored on the client... And you want to keep those for as long as someone visits your site, so storing it on the server is actually troublesome.

To fill this need, people often manually set cookies. But I hate manually setting cookies. I often bump into problems when I try to do so. On the other hand, I love the simplicity of CST. And I wonder: could CST not be used to accomplish both goals via the development of a cookie-based session data manager?

You would have a data manager which stores all information client-side via cookies. The data could be stored much longer, months instead of hours. And it would not impact resources, RAM or filesystem. I would not use this to store security-sensitive data about logged-in users, but I would definitely use it to remember which skin an anonymous user preferred.

Is that at all possible? Will we see something like this someday? Just wondering.

Thanks for CST, it's great.

Cheers,
Jérôme Loisel

--
Jérôme Loisel
Lévinux: GNU/Linux in the communities of Lévis
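The timeout behaviour and the copy-on-login pattern from the quoted reply above, modelled as an added example that is not part of the original thread and is not CST code. The class, function names and the "skin" preference are hypothetical, and the container timeout is assumed to count from the last access.

```python
import secrets

HOUR, DAY = 3600, 86400

class SessionDataContainer:
    """Server-side store keyed by browser id; entries expire after `timeout` seconds idle."""
    def __init__(self, timeout):
        self.timeout = timeout
        self._data = {}  # browser_id -> (last_access, data dict)

    def get(self, browser_id, now):
        entry = self._data.get(browser_id)
        if entry is None or now - entry[0] > self.timeout:
            entry = (now, {})  # unknown or expired id: fresh, empty data object
        self._data[browser_id] = (now, entry[1])  # refresh last-access time
        return entry[1]

    def clear(self, browser_id):
        self._data.pop(browser_id, None)

def cookie_still_sent(issued_at, now, cookie_lifetime):
    """The browser keeps presenting the id cookie until the cookie itself expires."""
    return now - issued_at <= cookie_lifetime

def login(container, browser_id, user_record, now):
    """Copy pre-login session data to the user's record, then clear the session data."""
    user_record.update(container.get(browser_id, now))
    container.clear(browser_id)
    return user_record  # from here on the user-associated data is canonical

def demo():
    container = SessionDataContainer(timeout=1 * HOUR)  # 60-minute data timeout
    browser_id = secrets.token_hex(16)                  # value carried in the cookie
    t0 = 0
    container.get(browser_id, t0)["skin"] = "dark"
    same_visit = dict(container.get(browser_id, t0 + 1800))  # 30 minutes later
    t2 = t0 + 2 * DAY                                        # back two days later
    cookie_ok = cookie_still_sent(t0, t2, 14 * DAY)          # 14-day cookie lifetime
    returned = dict(container.get(browser_id, t2))           # same id, data gone
    container.get(browser_id, t2)["skin"] = "light"
    user = login(container, browser_id, {}, t2 + 60)
    after_login = dict(container.get(browser_id, t2 + 120))
    return same_visit, cookie_ok, returned, user, after_login

if __name__ == "__main__":
    print(demo())
```
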