Are you the person I spoke with, last time?
Wednesday, December 9, 2009 5:31:54 PM
An important feature of web applications nowadays is the ability to keep track of users. For example, the Fridge application determines whether a note belongs to a user, so that users can remove their own notes.
There are basically [1] three mechanisms that support storing user properties: session variables, query strings [2], and cookies. Cookies and query strings are client-side [3] while session variables are server-side [4]. In other words, users can fiddle with the former, but not (directly) with the latter.
The basic idea is that data stored on the user side cannot be trusted, while data stored on the server can, to some extent. However, the server's way of deciding whether the user is still the same one as last time is not foolproof. It is also worth noting that with cookies, the user is in control. If users want their settings cleared when closing the browser, they can do so.
Concretely, your application may allow the user to change the display theme. The current theme may not be sensitive enough to justify using server resources for a session variable; in that case the cookie solution is preferable. On the other hand, your application may need to associate items with users, to allow each user to edit his/her own items (e.g. Fridge). Users will try cheating and edit others' items; in such a situation, session variables are better.
Using session variables
The Yusef application framework provides session variables through the getSessionVariable and setSessionVariable functions. Their basic usage is illustrated in the following:
/* in some section or action handler, exhibiting a connection variable */
Yusef.setSessionVariable(connection, "User's items", [1, 2, 5]);
Yusef.setSessionVariable(connection, "The number", 42);
...
var items = Yusef.getSessionVariable(connection, "User's items");
Note that setSessionVariable will copy the value passed before storing it.
Session variables can also be removed when no longer needed. This is done through the deleteSessionVariable function:
Yusef.deleteSessionVariable(connection, "Session Variable Name");
Sessions in Yusef can also be tweaked to some extent. For this purpose, session configuration options are exposed in core.js. One setting of interest is _config.sessionTTL. A user inactive for more than this time will be logged out.
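The behaviours described in this section (copy on store, removal, idle timeout) and the ownership check they make possible can be tried outside Unite with the added example below. It is not Yusef's code: SessionStore, canDeleteNote, the session ids and the JSON-based copy are assumptions made for illustration.

```javascript
// Added example: a stand-in session store, not Yusef's implementation.
// SessionStore, canDeleteNote and the session ids are hypothetical.
class SessionStore {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;          // plays the role of _config.sessionTTL
    this.sessions = new Map();   // session id -> { vars, lastSeen }
  }
  // Return the live session, or null once it has idled past the TTL.
  touch(id, now) {
    const s = this.sessions.get(id);
    if (!s) return null;
    if (now - s.lastSeen > this.ttlMs) {
      this.sessions.delete(id);  // expired: the user is logged out
      return null;
    }
    s.lastSeen = now;
    return s;
  }
  set(id, name, value, now) {
    let s = this.touch(id, now);
    if (!s) {
      s = { vars: new Map(), lastSeen: now };
      this.sessions.set(id, s);
    }
    // Store a copy (assumed here: a JSON round trip), so later changes
    // to the caller's object never reach the stored value.
    s.vars.set(name, JSON.parse(JSON.stringify(value)));
  }
  get(id, name, now) {
    const s = this.touch(id, now);
    return s ? s.vars.get(name) : undefined;
  }
  remove(id, name, now) {
    const s = this.touch(id, now);
    return s ? s.vars.delete(name) : false;
  }
}

// Ownership is decided from the server-side list only. A note id sent
// by the client is a request to act, never proof of ownership.
function canDeleteNote(store, sessionId, noteId, now) {
  const items = store.get(sessionId, "User's items", now);
  return Array.isArray(items) && items.includes(noteId);
}

// Constructed sample: one session owning notes 1, 2 and 5.
const demo = new SessionStore(30 * 60 * 1000);
demo.set("sid-alice", "User's items", [1, 2, 5], 0);
console.log(canDeleteNote(demo, "sid-alice", 5, 1000));
console.log(canDeleteNote(demo, "sid-bob", 5, 1000));
```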
Cookies
In bare-bones Unite, cookies are handled like other request headers: the WebServerResponse.setResponseHeader and WebServerRequest.headers functions are used for this purpose.
Yusef augments WebServerResponse and WebServerRequest with the getCookie and setCookie functions. The following shows their usage:
/* in some section or action handler, exhibiting a connection variable */
var css_file = connection.request.getCookie("theme");
...
connection.request.setCookie("theme", "blue-red-gray.css");
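Because the theme cookie comes back from the client, its value should be treated as a hint and checked before it is used as a file name. The added example below (not Yusef or Unite code) parses a raw Cookie header, as bare-bones Unite would expose it, and accepts only known themes; THEMES, DEFAULT_THEME, parseCookieHeader and pickTheme are hypothetical names, and plain.css is a made-up second theme.

```javascript
// Added example, not Yusef or Unite code. All names are hypothetical.
const THEMES = new Set(["blue-red-gray.css", "plain.css"]);
const DEFAULT_THEME = "plain.css";

// Parse a raw Cookie request header ("a=1; b=2") into a plain map.
function parseCookieHeader(header) {
  const jar = Object.create(null);      // no inherited keys to collide with
  for (const part of String(header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;            // not a name=value pair
    const name = part.slice(0, eq).trim();
    if (!name) continue;                // nameless pair
    let value = part.slice(eq + 1).trim();
    try {
      value = decodeURIComponent(value);
    } catch (e) {
      continue;                         // malformed percent-encoding
    }
    if (!(name in jar)) jar[name] = value;  // first occurrence wins
  }
  return jar;
}

// Use the cookie only when it names a theme the server knows about.
function pickTheme(cookieHeader) {
  const theme = parseCookieHeader(cookieHeader).theme;
  return typeof theme === "string" && THEMES.has(theme) ? theme : DEFAULT_THEME;
}

// Constructed sample headers: one valid, one edited by the user.
console.log(pickTheme("lang=en; theme=blue-red-gray.css"));
console.log(pickTheme("theme=unknown.css"));
```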
Note that while session variables can store whole JavaScript objects, (get|set)Cookie only deal with strings.
[1] Other mechanisms are also worth considering but won't be discussed here.
[2] Parameters in the URL. For example, in the URL http://www.example.org/search?id=123&q=hello, the id=123&q=hello part holds the options. These are more or less transient, and will not be discussed in this post.
[3] On the user's machine.
[4] Inside Unite.





