Menu
▾
▴
naviserver-devel
|
From: Ian H. <har...@gm...> - 2009-02-15 18:55:51
|
Hello, I am migrating to Naviserver from AOLServer mostly because of the excellent nsdbi module. My existing code is depended on the nssession module http://bas.scheffers.net/aolserver/ . It doesn't compile and run unmodified under Naviserver, but before I start hacking on it, is there an existing session module or a tcl solution that someone else has already written? Thanks! - Ian |
|
From: Vlad S. <vl...@cr...> - 2009-02-15 23:16:07
|
No such module exists. You can port your module, the only thing to implement is Ns_CacheFind, because naviserver does not keep track of new caches, this is up to developer to decide Ian Harding wrote: > Hello, > > I am migrating to Naviserver from AOLServer mostly because of the > excellent nsdbi module. > > My existing code is depended on the nssession module > http://bas.scheffers.net/aolserver/ . It doesn't compile and run > unmodified under Naviserver, but before I start hacking on it, is > there an existing session module or a tcl solution that someone else > has already written? > > Thanks! > > - Ian > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > |
|
From: Stephen D. <sd...@gm...> - 2009-02-16 19:47:10
|
On Sun, Feb 15, 2009 at 6:55 PM, Ian Harding <har...@gm...> wrote: > Hello, > > I am migrating to Naviserver from AOLServer mostly because of the > excellent nsdbi module. > > My existing code is depended on the nssession module > http://bas.scheffers.net/aolserver/ . It doesn't compile and run > unmodified under Naviserver, but before I start hacking on it, is > there an existing session module or a tcl solution that someone else > has already written? > I'm not sure that it's worth porting that module. The cache locking is broken, the file handling looks dodgy, and in general it has some odd ideas about configuration and string handling. If all you need to do is replicate some ns_session Tcl commands so your existing code works then the easiest way would be to create a work-alike using the existing naviserver Tcl commands: * cookie handling: naviserver has this built in: http://naviserver.sourceforge.net/n/naviserver/files/ns_cookie.html * caching: also now built in: http://naviserver.sourceforge.net/n/naviserver/files/ns_cache.html * persisting the session: just use nsdbi, if you're already using it. If you really want to use the file system, use ns_hashpath in nsd/pathname.c to prevent enormous directories from bogging down the server. * ns_rand: already exposed. It will be more robust than than the C nssession module, and almost certainly faster too. If you want to create something fancier as a C module, I'd be interested in helping. |
|
From: Ian H. <har...@gm...> - 2009-02-20 16:57:54
|
Stephen Deasey wrote: > On Sun, Feb 15, 2009 at 6:55 PM, Ian Harding <har...@gm...> wrote: > >> Hello, >> >> I am migrating to Naviserver from AOLServer mostly because of the >> excellent nsdbi module. >> >> My existing code is depended on the nssession module >> http://bas.scheffers.net/aolserver/ . It doesn't compile and run >> unmodified under Naviserver, but before I start hacking on it, is >> there an existing session module or a tcl solution that someone else >> has already written? >> >> > > > I'm not sure that it's worth porting that module. The cache locking is > broken, the file handling looks dodgy, and in general it has some odd > ideas about configuration and string handling. > > If all you need to do is replicate some ns_session Tcl commands so > your existing code works then the easiest way would be to create a > work-alike using the existing naviserver Tcl commands: > > * cookie handling: naviserver has this built in: > http://naviserver.sourceforge.net/n/naviserver/files/ns_cookie.html > > * caching: also now built in: > http://naviserver.sourceforge.net/n/naviserver/files/ns_cache.html > > * persisting the session: just use nsdbi, if you're already using > it. If you really want > to use the file system, use ns_hashpath in nsd/pathname.c to > prevent enormous > directories from bogging down the server. > > * ns_rand: already exposed. > > > It will be more robust than than the C nssession module, and almost > certainly faster too. > > > If you want to create something fancier as a C module, I'd be > interested in helping. > I cobbled together one using the built-in cookie and cache stuff. I'm sure I did it wrong. I'll send a link to the code as soon as I get the changes posted. I am not doing the filesystem persistence. If I even bother with it I'll do it in the database. Thanks! - Ian |
|
From: Ian H. <har...@gm...> - 2009-02-20 17:18:47
|
Stephen Deasey wrote: > On Sun, Feb 15, 2009 at 6:55 PM, Ian Harding <har...@gm...> wrote: > >> Hello, >> >> I am migrating to Naviserver from AOLServer mostly because of the >> excellent nsdbi module. >> >> My existing code is depended on the nssession module >> http://bas.scheffers.net/aolserver/ . It doesn't compile and run >> unmodified under Naviserver, but before I start hacking on it, is >> there an existing session module or a tcl solution that someone else >> has already written? >> >> > > > I'm not sure that it's worth porting that module. The cache locking is > broken, the file handling looks dodgy, and in general it has some odd > ideas about configuration and string handling. > > If all you need to do is replicate some ns_session Tcl commands so > your existing code works then the easiest way would be to create a > work-alike using the existing naviserver Tcl commands: > > * cookie handling: naviserver has this built in: > http://naviserver.sourceforge.net/n/naviserver/files/ns_cookie.html > > * caching: also now built in: > http://naviserver.sourceforge.net/n/naviserver/files/ns_cache.html > > * persisting the session: just use nsdbi, if you're already using > it. If you really want > to use the file system, use ns_hashpath in nsd/pathname.c to > prevent enormous > directories from bogging down the server. > > * ns_rand: already exposed. > > > It will be more robust than than the C nssession module, and almost > certainly faster too. > > > If you want to create something fancier as a C module, I'd be > interested in helping. > Here is my lame hack at a tcl module. It has some problems and is not done, but it does seem to work for certain small values of "work". http://code.google.com/p/grop/source/browse/trunk/nssession.tcl I want to "hide" the internal methods (id, load, etc) in a separate namespace, and will use a proper session id generator. I'd like to get rid of the upvar session_id. I wanted to use the connid as a key in a cache to lookup the session_id for those cases where there is not a cookie set yet. I couldn't figure out how to get it. I was hoping there was a "ns_conn id" I could use. Anyway, I would appreciate all input on things I am doing wrong or could do better. - Ian |
|
From: Vlad S. <vl...@cr...> - 2009-02-20 17:23:00
|
Why not to use nsv_incr to generate sequential session id? Or sequential ids is a bad idea? Ian Harding wrote: > Stephen Deasey wrote: >> On Sun, Feb 15, 2009 at 6:55 PM, Ian Harding <har...@gm...> wrote: >> >>> Hello, >>> >>> I am migrating to Naviserver from AOLServer mostly because of the >>> excellent nsdbi module. >>> >>> My existing code is depended on the nssession module >>> http://bas.scheffers.net/aolserver/ . It doesn't compile and run >>> unmodified under Naviserver, but before I start hacking on it, is >>> there an existing session module or a tcl solution that someone else >>> has already written? >>> >>> >> >> I'm not sure that it's worth porting that module. The cache locking is >> broken, the file handling looks dodgy, and in general it has some odd >> ideas about configuration and string handling. >> >> If all you need to do is replicate some ns_session Tcl commands so >> your existing code works then the easiest way would be to create a >> work-alike using the existing naviserver Tcl commands: >> >> * cookie handling: naviserver has this built in: >> http://naviserver.sourceforge.net/n/naviserver/files/ns_cookie.html >> >> * caching: also now built in: >> http://naviserver.sourceforge.net/n/naviserver/files/ns_cache.html >> >> * persisting the session: just use nsdbi, if you're already using >> it. If you really want >> to use the file system, use ns_hashpath in nsd/pathname.c to >> prevent enormous >> directories from bogging down the server. >> >> * ns_rand: already exposed. >> >> >> It will be more robust than than the C nssession module, and almost >> certainly faster too. >> >> >> If you want to create something fancier as a C module, I'd be >> interested in helping. >> > Here is my lame hack at a tcl module. It has some problems and is not > done, but it does seem to work for certain small values of "work". > > http://code.google.com/p/grop/source/browse/trunk/nssession.tcl > > I want to "hide" the internal methods (id, load, etc) in a separate > namespace, and will use a proper session id generator. I'd like to get > rid of the upvar session_id. I wanted to use the connid as a key in a > cache to lookup the session_id for those cases where there is not a > cookie set yet. I couldn't figure out how to get it. I was hoping > there was a "ns_conn id" I could use. > > Anyway, I would appreciate all input on things I am doing wrong or could > do better. > > - Ian > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > |
|
From: Ian H. <har...@gm...> - 2009-02-20 17:25:02
|
Vlad Seryakov wrote: > Why not to use nsv_incr to generate sequential session id? > > Or sequential ids is a bad idea? > > It makes it super easy to hijack sessions. They are supposed to be difficult to brute force. > Ian Harding wrote: > >> Stephen Deasey wrote: >> >>> On Sun, Feb 15, 2009 at 6:55 PM, Ian Harding <har...@gm...> wrote: >>> >>> >>>> Hello, >>>> >>>> I am migrating to Naviserver from AOLServer mostly because of the >>>> excellent nsdbi module. >>>> >>>> My existing code is depended on the nssession module >>>> http://bas.scheffers.net/aolserver/ . It doesn't compile and run >>>> unmodified under Naviserver, but before I start hacking on it, is >>>> there an existing session module or a tcl solution that someone else >>>> has already written? >>>> >>>> >>>> >>> I'm not sure that it's worth porting that module. The cache locking is >>> broken, the file handling looks dodgy, and in general it has some odd >>> ideas about configuration and string handling. >>> >>> If all you need to do is replicate some ns_session Tcl commands so >>> your existing code works then the easiest way would be to create a >>> work-alike using the existing naviserver Tcl commands: >>> >>> * cookie handling: naviserver has this built in: >>> http://naviserver.sourceforge.net/n/naviserver/files/ns_cookie.html >>> >>> * caching: also now built in: >>> http://naviserver.sourceforge.net/n/naviserver/files/ns_cache.html >>> >>> * persisting the session: just use nsdbi, if you're already using >>> it. If you really want >>> to use the file system, use ns_hashpath in nsd/pathname.c to >>> prevent enormous >>> directories from bogging down the server. >>> >>> * ns_rand: already exposed. >>> >>> >>> It will be more robust than than the C nssession module, and almost >>> certainly faster too. >>> >>> >>> If you want to create something fancier as a C module, I'd be >>> interested in helping. >>> >>> >> Here is my lame hack at a tcl module. It has some problems and is not >> done, but it does seem to work for certain small values of "work". >> >> http://code.google.com/p/grop/source/browse/trunk/nssession.tcl >> >> I want to "hide" the internal methods (id, load, etc) in a separate >> namespace, and will use a proper session id generator. I'd like to get >> rid of the upvar session_id. I wanted to use the connid as a key in a >> cache to lookup the session_id for those cases where there is not a >> cookie set yet. I couldn't figure out how to get it. I was hoping >> there was a "ns_conn id" I could use. >> >> Anyway, I would appreciate all input on things I am doing wrong or could >> do better. >> >> - Ian >> >> ------------------------------------------------------------------------------ >> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA >> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise >> -Strategies to boost innovation and cut costs with open source participation >> -Receive a $600 discount off the registration fee with the source code: SFAD >> http://p.sf.net/sfu/XcvMzF8H >> _______________________________________________ >> naviserver-devel mailing list >> nav...@li... >> https://lists.sourceforge.net/lists/listinfo/naviserver-devel >> >> > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > |
|
From: Vlad S. <vl...@cr...> - 2009-02-20 17:29:17
|
I know, i asked just in case:-)) But if you combine seqid with currenttime in milliseconds for example and produce md5 hash including IP address, it will be much more difficult to hijack just base don sequential number Ian Harding wrote: > Vlad Seryakov wrote: >> Why not to use nsv_incr to generate sequential session id? >> >> Or sequential ids is a bad idea? >> >> > It makes it super easy to hijack sessions. They are supposed to be > difficult to brute force. >> Ian Harding wrote: >> >>> Stephen Deasey wrote: >>> >>>> On Sun, Feb 15, 2009 at 6:55 PM, Ian Harding <har...@gm...> wrote: >>>> >>>> >>>>> Hello, >>>>> >>>>> I am migrating to Naviserver from AOLServer mostly because of the >>>>> excellent nsdbi module. >>>>> >>>>> My existing code is depended on the nssession module >>>>> http://bas.scheffers.net/aolserver/ . It doesn't compile and run >>>>> unmodified under Naviserver, but before I start hacking on it, is >>>>> there an existing session module or a tcl solution that someone else >>>>> has already written? >>>>> >>>>> >>>>> >>>> I'm not sure that it's worth porting that module. The cache locking is >>>> broken, the file handling looks dodgy, and in general it has some odd >>>> ideas about configuration and string handling. >>>> >>>> If all you need to do is replicate some ns_session Tcl commands so >>>> your existing code works then the easiest way would be to create a >>>> work-alike using the existing naviserver Tcl commands: >>>> >>>> * cookie handling: naviserver has this built in: >>>> http://naviserver.sourceforge.net/n/naviserver/files/ns_cookie.html >>>> >>>> * caching: also now built in: >>>> http://naviserver.sourceforge.net/n/naviserver/files/ns_cache.html >>>> >>>> * persisting the session: just use nsdbi, if you're already using >>>> it. If you really want >>>> to use the file system, use ns_hashpath in nsd/pathname.c to >>>> prevent enormous >>>> directories from bogging down the server. >>>> >>>> * ns_rand: already exposed. >>>> >>>> >>>> It will be more robust than than the C nssession module, and almost >>>> certainly faster too. >>>> >>>> >>>> If you want to create something fancier as a C module, I'd be >>>> interested in helping. >>>> >>>> >>> Here is my lame hack at a tcl module. It has some problems and is not >>> done, but it does seem to work for certain small values of "work". >>> >>> http://code.google.com/p/grop/source/browse/trunk/nssession.tcl >>> >>> I want to "hide" the internal methods (id, load, etc) in a separate >>> namespace, and will use a proper session id generator. I'd like to get >>> rid of the upvar session_id. I wanted to use the connid as a key in a >>> cache to lookup the session_id for those cases where there is not a >>> cookie set yet. I couldn't figure out how to get it. I was hoping >>> there was a "ns_conn id" I could use. >>> >>> Anyway, I would appreciate all input on things I am doing wrong or could >>> do better. >>> >>> - Ian >>> >>> ------------------------------------------------------------------------------ >>> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA >>> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise >>> -Strategies to boost innovation and cut costs with open source participation >>> -Receive a $600 discount off the registration fee with the source code: SFAD >>> http://p.sf.net/sfu/XcvMzF8H >>> _______________________________________________ >>> naviserver-devel mailing list >>> nav...@li... >>> https://lists.sourceforge.net/lists/listinfo/naviserver-devel >>> >>> >> ------------------------------------------------------------------------------ >> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA >> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise >> -Strategies to boost innovation and cut costs with open source participation >> -Receive a $600 discount off the registration fee with the source code: SFAD >> http://p.sf.net/sfu/XcvMzF8H >> _______________________________________________ >> naviserver-devel mailing list >> nav...@li... >> https://lists.sourceforge.net/lists/listinfo/naviserver-devel >> > > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X