Ticket #1343 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Stop using session to store transient user preferences

Reported by: fguillaume Assigned to: jmorliaguet
Priority: P1 Milestone: CPS 3.4.0
Component: CPSSkins Version: 3.4.0
Severity: normal Keywords:
Cc:

Description

We must stop using the session to store simple transient user preferences, like the ordering choices (criterion/direction).

Sessions are costly, need specific load balancer affinity, and above of all can provoke conflict errors.

Cookies were designed to do that, we should use them.

Change History

02/01/06 08:49:07 changed by jmorliaguet

  • status changed from new to assigned.

that shouldn't be too difficult, there are only two methods that need to be rewritten to use cookies instead of session variables

in PortalThemesTool?:

def getViewMode

def setViewMode

but BTW what is the session good for? when are you supposed to use session instead of cookies?

02/01/06 10:15:35 changed by jmorliaguet

Note that there is an extra complication due to the fact that cookie values are strings and the data stored in session variable can be anything (dictionaries, lists, non persistent objects ...).

there has to be a serializer / deserializer that convert data structures to strings and vice versa.

e.g. binary pickle + base64

02/01/06 16:52:50 changed by jmorliaguet

there is a cookie-based replacement for storing simple python structures (dictionaries, lists, etc.) using JSON+base64 to encode the information:

https://svn.nuxeo.org/pub/CPSSkins/branches/jmo-no-sessions

It works fine as far as I can tell on Firefox 1.5, Internet Explorer, Konqueror.

some tests will now be added, but it has to be tested against different browsers.

02/03/06 13:17:52 changed by jmorliaguet

  • milestone changed from CPS 3.4.1 to CPS 3.4.0.

02/03/06 14:18:29 changed by jmorliaguet

  • status changed from assigned to closed.
  • resolution set to fixed.

fixed in [32581]

02/17/06 18:23:31 changed by fguillaume

what is the session good for? when are you supposed to use session instead of cookies?

Use the session when you can't use cookies :) For instance to store objects of arbitrary size.