How can i use single session for both clojure and clojurescript.
For my login web application Server side i am using clojure and client side clojurescript.
And i need a session which is accessible from both client and server.
Is that possible?
The example sente project has a session which is accessible from both client and server. You will probably need to spend some time with it and mould it to your needs. But the example itself shows logging in and then a :uid inside :session, which is accessible from both the server and the client.
Related
I was wondering that session management in cloud environments are available in many options for Microsoft azure/ Amazon Web Services / any private cloud. What I was looking that which is the best session management technique which will fit in all the cloud environments.
I have gone through many site but could not decide which is the most suitable in all cases. I read somewhere that Sticky sessions are also one of the option for session management. So looking for an answer which states that is Sticky sessions are different from cookie based session management?
If yes then how to use it?
Thanks
Ravi
Sticky session are likely to stay on same server when the first request comes and provided from same server for each request. Where as cookie based session are nothing but keeping the data on client machine in browser. can be served from any server which is available.
Yes Sticky Sessions are different than cookie based sessions.
As sticky sessions are nothing but handled by load balancers which handles to get sessions in request from client and passes it to the same server where the first request came to that server. E.g. While loading an website request goes to server A, then sessions get stored on server A, while next request comes from user the request sent to the same server i.e. Server A, irrespective of how many servers present in the farm.
Whereas cookie based sessions are stored on client machine, and it gets added with each new request. So it can be read and supported on any server in farm irrespective which server generated and stored session while first login.
i am developing a server application of building rest web services in java using spring-hibernate,where this service will be used by other clients.i have followed this link http://www.beingjavaguys.com/2014/08/spring-restful-web-services.html.
my question here is
1>should i maintain session in server application?if yes how?
2>should i do any validation in server side?
3>To validate user while login should i use spring security for that or just comparing username and password in database is enough?
4>when user doesnot interact with server for particular time there should be session timeout ,should this be implemented in sserver application or client side?
i am very new to java and web service,any suggestions,links and guidence are appreciated.
1>should i maintain session in server application?if yes how?
Rest web services do not depend on client session since they are stateless, so there is no need to think about session management.
2>should i do any validation in server side?
What kind of validation?
3>To validate user while login should i use spring security for that or just comparing username and password in database is enough?
You can use both, but I think a token based authentication (Based on spring security) will be the best way.
4>when user does not interact with server for particular time there should be session timeout ,should this be implemented in server application or client side?
Since server does not keep track of user session, timeout should be implemented on client side.
You can check the following project if you want its a excellent starting point.
https://github.com/dhavaln/spring-rest-boilerplate
1>should i maintain session in server application?if yes how?
Web-services are stateless means server does not store any state about the client session on the server side.You should manage the session on the client side, other wise you will end-up handling an heavy load of sessions on the server side and I am sure you don't want to do that.
2>should i do any validation in server side?
If by validation you mean data integrity, I think you will have to do it for the favor of data integrity and your application well being.
3>To validate user while login should i use spring security for that
or just comparing username and password in database is enough?
You can do both, using spring security is a good choice , and you will have to configure or build your own AuthentificationManager which will compare credentials withe those stored in the database
4>when user doesnot interact with server for particular time there
should be session timeout ,should this be implemented in sserver
application or client side?
You can set a session timeout , and this should be implemented on the client-side.
WebForm :
In webform (with session) state application in web farm environment the session is stored in SQL Server storage which can be accessed by all the servers in a webfarm. This means the logged in user's request can get the same session regardless of which server in the farm it hits.
WebAPI :
I understand that webapi by design is stateless so for true webapi application I dont need to worry about how the state is maintained etc. Usually the authentication token is passed between requests and as far as its valid a login gets access to the whatever resource it needs on the server. This is fine with one Webserver hosting webapi. But what about web farm. How does the "Session" (Or the equivalent term in Webapi) is managed in WebApi farm?
I know azure gives following options to name the few..
Azure SQL Server
Azure Table storage /Queue
Cache Service
They seems to add extra complexity to the architecture (which is much easier in WebForm using SQL Server Session).
One other slightly different question (and might a bit basic) is how does the request/response is traced in webapi farm? i.e. When a client make request to webapi and webapi sends a async response how does server make sure its traced back to the client?
Edit:
I am not looking to implement Session is Webapi but rather how the same thing can be achieved in webapi without session state.
Thanks
Yes. Using session in REST is a really bad thing.
But you can simulate the session in Web API as well. In web form, the server added the generated session id in HTML from so when user submit that session id will be included in their request. You can simulate the same thing with Web API as well. You can check this Accessing Session Using ASP.NET Web API
The best that you can store the information in memcached or redis with expiration. It will work in web farm as well.
Anyways, I don't recommend using the "session" in Web API.
For a web application I could figure no session cookies stored . There was a string as
SSLJSESSION=0000SESSIONMANAGEMENTAFFINI:-1
From my understanding , this cannot be used to handle sessions , Still the application is handling the sessions properly .
Can anyone please tell me how session handling is done with the above technique ?
After a bit of browsing through WebSphere’s documentation, I found out that WebSphere (actually IBM HTTP Server as well as SUN One Web Server) support a feature called SSL ID Session Tracking. Basically, what this does is bind web application sessions to SSL sessions. This further does not require the web application to do almost any session handling since the server performs this on behalf of the application.
I have the following problem. I have an application (3rd party) that needs to connect to API via a proxy to request various data again and again. The application has a configuration section where the necessary details can be entered (the app then stores them in a config.ini file). However, one client doesn't like the proxy user/password to be stored in config files;
As I don't have access to the application's code, the simplest solution I can think of is something along the lines of a tunnel, i.e. write a simple app/script that would open a connection to the proxy, prompts the user for the username/password and then keep the connection open so that the application can access the proxy without needing username/password everytime. Is something like this possible? I mean I don't to create sort of full blown proxy that would sit between the app and the real proxy server, all I really want is something like a session so that once the IP is authorized to get through the proxy, the consequent requests go through as well.
I'd appreciate help and/or any suggestions for an alternate solution
p.s. the app is win32 only so the solution is for win32 only as well (ie no cygwin, etc.)
Thank you
Proxy credential caching typically works on a per-process basis, not a per-machine basis. So, having Application A make a request through the proxy rarely allows Application B to make a request without getting challenged.
If you can change the application's code, make a single request through the proxy using the desired credentials; e.g. make a HEAD request for your server's homepage. Most HTTP stacks (e.g. WinINET) will cache the proxy credentials for the life of the process.