[isf-wifidog] Re: [isf-vol] Login in problems with the Network
Mina Naguib
webmaster at topfx.com
Ven 20 Mai 11:55:28 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 20-May-05, at 11:38 AM, David Vincelli wrote:
> On 5/20/05, Jkx <Jkx at larsen-b.com> wrote:
>> This mean that the cookie, isn't per browser session which is the
>> default behaviour for a most of session algorithm..
>
> Session variables are stored (in memory) server side.
Depending on the CGI framework, sessions could be stored on the
server's hard disk (or database) for extra persistence.
> Cookies are
> stored client side (hd cache).
.. or memory, depending on the cookie type. Cookies with an expiration
date will be stored on disk, session-cookies (until the browser closes)
are usually kept in memory only.
> And yes, cookies aren't exclusive per
> session. But I'm suggesting a kludge to get pass the initial user
> setup. Most likely the user signs up, goes off to do something else
> (closes the browser) and comes back later to continue at that point.
Sessions are usually implemented as both a server-side session (with a
session ID) and a client cookie with the same session ID. So when a
client re-hits the web server it supplies the cookie saying "I am
session id XYZ" and the server can load the corresponding session data.
If the cookie is a session cookie (with no expiration date) then once
the browser is closed, that server-stored session data is orphaned
since nothing will use it. This is our scenario (the PHPSESSID cookie
from auth.ilesansfil.org is served without an expiration date set).
Correspondingly, if a cookie has an expiration date then any re-hit to
the server, even if the browser is closed and re-started, will resume
the session.
> Though I am not sure.
> We can delete the cookie at confirmation and switch to sessions after
> that (if we are bothering, I have no idea how it works anymore).
>
> Anyways back to the initial problem. It tried to redirect him to
> localhost. What is that about? Why would it ever issue such a stupid
> redirect?
Take a quick look at the "Portal" and "Login" links at:
http://auth.ilesansfil.org/node_list.php
They're a kludge (on that page only) to allow quick jumps to each
hotspot's login and portal pages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFCjghieS99pGMif6wRAkdIAKCY2ipkNrNSDsLMgW86AefE7lLRfgCg313B
rHKX5iwK29L+5SURM8AbscQ=
=272F
-----END PGP SIGNATURE-----
Plus d'informations sur la liste de diffusion WiFiDog