[isf-wifidog] Re: [isf-vol] Login in problems with the Network

Mina Naguib webmaster at topfx.com
Ven 20 Mai 11:55:28 EDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 20-May-05, at 11:38 AM, David Vincelli wrote:

> On 5/20/05, Jkx <Jkx at larsen-b.com> wrote:
>> This mean that the cookie, isn't per browser session which is the 
>> default behaviour for a most of session algorithm..
>
> Session variables are stored (in memory) server side.

Depending on the CGI framework, sessions could be stored on the 
server's hard disk (or database) for extra persistence.

> Cookies are
> stored client side (hd cache).

.. or memory, depending on the cookie type.  Cookies with an expiration 
date will be stored on disk, session-cookies (until the browser closes) 
are usually kept in memory only.

> And yes, cookies aren't exclusive per
> session. But I'm suggesting a kludge to get pass the initial user
> setup. Most likely the user signs up, goes off to do something else
> (closes the browser) and comes back later to continue at that point.

Sessions are usually implemented as both a server-side session (with a 
session ID) and a client cookie with the same session ID.  So when a 
client re-hits the web server it supplies the cookie saying "I am 
session id XYZ" and the server can load the corresponding session data.

If the cookie is a session cookie (with no expiration date) then once 
the browser is closed, that server-stored session data is orphaned 
since nothing will use it.  This is our scenario (the PHPSESSID cookie 
from auth.ilesansfil.org is served without an expiration date set).

Correspondingly, if a cookie has an expiration date then any re-hit to 
the server, even if the browser is closed and re-started, will resume 
the session.

> Though I am not sure.
> We can delete the cookie at confirmation and switch to sessions after
> that (if we are bothering, I have no idea how it works anymore).
>
> Anyways back to the initial problem. It tried to redirect him to
> localhost. What is that about?  Why would it ever issue such a stupid
> redirect?

Take a quick look at the "Portal" and "Login" links at:
http://auth.ilesansfil.org/node_list.php

They're a kludge (on that page only) to allow quick jumps to each 
hotspot's login and portal pages.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCjghieS99pGMif6wRAkdIAKCY2ipkNrNSDsLMgW86AefE7lLRfgCg313B
rHKX5iwK29L+5SURM8AbscQ=
=272F
-----END PGP SIGNATURE-----



Plus d'informations sur la liste de diffusion WiFiDog