Loading ...
Sorry, an error occurred while loading the content.

Exact definition of a session

Expand Messages
  • Mike Cantone
    I need a better understanding of when a session gets created as opposed to when an existing session is used. Let me put forth my understanding and if someone
    Message 1 of 5 , Oct 6, 2004
    • 0 Attachment
      I need a better understanding of when a session gets created as opposed
      to when an existing session is used.

      Let me put forth my understanding and if someone can tell me where I'm
      right/wrong I'd greatly appreciate it.

      OBSERVATIONS

      I've observed the following behavior.

      * On mozilla, if I bring up my application on multiple tags of the same
      browser instance, it all seems to access the same session (assuming I
      haven't abandoned it).
      * With mozilla, on the same client, if I bring up multiple versions of
      mozilla, it seems to tap into different sessions.
      * With konqueror (which I must support), from the same hardware client,
      even with different instances of the browser, it seems to tap into the
      same session.
      * From different hardware clients, it always seems to create a new
      session or tap into an existing session from that same client).

      SESSION MECHANICS THEORY

      So, my theory based on these observations is that a cookie defines a
      session and that cookie always has the exact name "session-id" and, for
      some reason mozilla must maintain separate caches of cookies per browser
      invocation will mozilla does not.

      QUESTIONS

      * Is there any way to have more than one session for a given hardware
      client perhaps based on application? That would imply either the
      session-id cooke could be prefixed or somehow the browser would store it
      in a subdirectory based on the application (I don't know if browsers
      allow this type of control within the cookie directory though I'm
      scpetical the sub-directory thing is feasible).

      * With regard to session timeout, if it is set to something like 60
      minutes, is that 60 minutes from the beginning of session creation or 60
      minutes from the point of last activity. The latter seems more useful
      and typical to me, but I'd like to confirm it...

      * Our application is characterized by few simultaneous users that
      perform tasks where there is significant computation. While the
      computation generates a fair amount of data (a few MB), the computation
      takes long enough that it is highly desirable to keep the results in
      session. Is there a limit to how much data I can keep in session? Based
      on how our applicaiton is characterized is there any reason to not keep
      the data in session?

      Much appreciation for any help - I must release this to QA soon and I
      really want to make sure I understand this all well before hand.

      Thanks,

      Mike


      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Fagyal Csongor
      Hi Mike, ... This all boils down to how cookies behave. If you understand how cookies work, you will understand sessions, too (probably, at least). ... So you
      Message 2 of 5 , Oct 6, 2004
      • 0 Attachment
        Hi Mike,

        > I need a better understanding of when a session gets created as
        > opposed to when an existing session is used.
        >
        > Let me put forth my understanding and if someone can tell me where I'm
        > right/wrong I'd greatly appreciate it.
        >
        > OBSERVATIONS
        >
        > I've observed the following behavior.
        >
        > * On mozilla, if I bring up my application on multiple tags of the
        > same browser instance, it all seems to access the same session
        > (assuming I haven't abandoned it).
        > * With mozilla, on the same client, if I bring up multiple versions of
        > mozilla, it seems to tap into different sessions.
        > * With konqueror (which I must support), from the same hardware
        > client, even with different instances of the browser, it seems to tap
        > into the same session.
        > * From different hardware clients, it always seems to create a new
        > session or tap into an existing session from that same client).

        This all boils down to how cookies behave. If you understand how cookies
        work, you will understand sessions, too (probably, at least).

        > SESSION MECHANICS THEORY
        >
        > So, my theory based on these observations is that a cookie defines a
        > session and that cookie always has the exact name "session-id" and,
        > for some reason mozilla must maintain separate caches of cookies per
        > browser invocation will mozilla does not.

        So you do understand cookies :-)

        > QUESTIONS
        >
        > * Is there any way to have more than one session for a given hardware
        > client perhaps based on application?

        I don't fully understand this question, but you might try to use
        cookie-less sessions using URL rewriting. This way you are not bound to
        how different browsers/browser instances handle cookies. But you must
        take care of session initialization (creating new sessions) at
        corresponding pages.

        > That would imply either the session-id cooke could be prefixed or
        > somehow the browser would store it in a subdirectory based on the
        > application (I don't know if browsers allow this type of control
        > within the cookie directory though I'm scpetical the sub-directory
        > thing is feasible).

        > * With regard to session timeout, if it is set to something like 60
        > minutes, is that 60 minutes from the beginning of session creation or
        > 60 minutes from the point of last activity. The latter seems more
        > useful and typical to me, but I'd like to confirm it...

        Last activity.

        > * Our application is characterized by few simultaneous users that
        > perform tasks where there is significant computation. While the
        > computation generates a fair amount of data (a few MB), the
        > computation takes long enough that it is highly desirable to keep the
        > results in session. Is there a limit to how much data I can keep in
        > session?

        Depends on what kind of session storage you use. See:
        http://www.apache-asp.org/config.html#StateDB
        IMHO the default state manager can only handle 1k or so - others can
        hold much more data.

        > Based on how our applicaiton is characterized is there any reason to
        > not keep the data in session?

        Session data is stored on disc. Because of this, on every page where you
        use the session it must be fetched, which might slow down you
        application and increase the memory usage of your application.

        Hope this helps.

        - Csongor

        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...
      • Mike Cantone
        Thanks - you ve confirmed everything I suspected. -Mike ... To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org For additional commands, e-mail:
        Message 3 of 5 , Oct 6, 2004
        • 0 Attachment
          Thanks - you've confirmed everything I suspected.

          -Mike

          Fagyal Csongor wrote:
          > Hi Mike,
          >
          >> I need a better understanding of when a session gets created as
          >> opposed to when an existing session is used.
          >>
          >> Let me put forth my understanding and if someone can tell me where I'm
          >> right/wrong I'd greatly appreciate it.
          >>
          >> OBSERVATIONS
          >>
          >> I've observed the following behavior.
          >>
          >> * On mozilla, if I bring up my application on multiple tags of the
          >> same browser instance, it all seems to access the same session
          >> (assuming I haven't abandoned it).
          >> * With mozilla, on the same client, if I bring up multiple versions of
          >> mozilla, it seems to tap into different sessions.
          >> * With konqueror (which I must support), from the same hardware
          >> client, even with different instances of the browser, it seems to tap
          >> into the same session.
          >> * From different hardware clients, it always seems to create a new
          >> session or tap into an existing session from that same client).
          >
          > .
          > This all boils down to how cookies behave. If you understand how cookies
          > work, you will understand sessions, too (probably, at least).
          >
          >> SESSION MECHANICS THEORY
          >>
          >> So, my theory based on these observations is that a cookie defines a
          >> session and that cookie always has the exact name "session-id" and,
          >> for some reason mozilla must maintain separate caches of cookies per
          >> browser invocation will mozilla does not.
          >
          >
          > So you do understand cookies :-)
          >
          >> QUESTIONS
          >>
          >> * Is there any way to have more than one session for a given hardware
          >> client perhaps based on application?
          >
          >
          > I don't fully understand this question, but you might try to use
          > cookie-less sessions using URL rewriting. This way you are not bound to
          > how different browsers/browser instances handle cookies. But you must
          > take care of session initialization (creating new sessions) at
          > corresponding pages.
          >
          >> That would imply either the session-id cooke could be prefixed or
          >> somehow the browser would store it in a subdirectory based on the
          >> application (I don't know if browsers allow this type of control
          >> within the cookie directory though I'm scpetical the sub-directory
          >> thing is feasible).
          >
          >
          >> * With regard to session timeout, if it is set to something like 60
          >> minutes, is that 60 minutes from the beginning of session creation or
          >> 60 minutes from the point of last activity. The latter seems more
          >> useful and typical to me, but I'd like to confirm it...
          >
          >
          > Last activity.
          >
          >> * Our application is characterized by few simultaneous users that
          >> perform tasks where there is significant computation. While the
          >> computation generates a fair amount of data (a few MB), the
          >> computation takes long enough that it is highly desirable to keep the
          >> results in session. Is there a limit to how much data I can keep in
          >> session?
          >
          >
          > Depends on what kind of session storage you use. See:
          > http://www.apache-asp.org/config.html#StateDB
          > IMHO the default state manager can only handle 1k or so - others can
          > hold much more data.
          >
          >> Based on how our applicaiton is characterized is there any reason to
          >> not keep the data in session?
          >
          >
          > Session data is stored on disc. Because of this, on every page where you
          > use the session it must be fetched, which might slow down you
          > application and increase the memory usage of your application.
          >
          > Hope this helps.
          >
          > - Csongor
          >
          > ---------------------------------------------------------------------
          > To unsubscribe, e-mail: asp-unsubscribe@...
          > For additional commands, e-mail: asp-help@...
          >


          ---------------------------------------------------------------------
          To unsubscribe, e-mail: asp-unsubscribe@...
          For additional commands, e-mail: asp-help@...
        • Josh Chamas
          ... Yes, check out CookiePath config... http://apache-asp.org/config.html#CookiePath which you can set per application via Apache configuration ( .htaccess,
          Message 4 of 5 , Oct 7, 2004
          • 0 Attachment
            Mike Cantone wrote:
            > QUESTIONS
            >
            > * Is there any way to have more than one session for a given hardware
            > client perhaps based on application? That would imply either the
            > session-id cooke could be prefixed or somehow the browser would store it
            > in a subdirectory based on the application (I don't know if browsers
            > allow this type of control within the cookie directory though I'm
            > scpetical the sub-directory thing is feasible).
            >

            Yes, check out CookiePath config...
            http://apache-asp.org/config.html#CookiePath

            which you can set per application via Apache configuration
            ( .htaccess, Directory, etc )

            You would also want to combine this with a StateDir config different
            for each application as well.

            I believe Csongor answered the rest of your questions well.

            Regards,

            Josh

            ---------------------------------------------------------------------
            To unsubscribe, e-mail: asp-unsubscribe@...
            For additional commands, e-mail: asp-help@...
          • Mike Cantone
            Ahh... You are now my official hero... ... To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org For additional commands, e-mail: asp-help@perl.apache.org
            Message 5 of 5 , Oct 7, 2004
            • 0 Attachment
              Ahh... You are now my official hero...

              Josh Chamas wrote:
              > Mike Cantone wrote:
              >
              >> QUESTIONS
              >>
              >> * Is there any way to have more than one session for a given hardware
              >> client perhaps based on application? That would imply either the
              >> session-id cooke could be prefixed or somehow the browser would store
              >> it in a subdirectory based on the application (I don't know if
              >> browsers allow this type of control within the cookie directory though
              >> I'm scpetical the sub-directory thing is feasible).
              >>
              >
              > Yes, check out CookiePath config...
              > http://apache-asp.org/config.html#CookiePath
              >
              > which you can set per application via Apache configuration
              > ( .htaccess, Directory, etc )
              >
              > You would also want to combine this with a StateDir config different
              > for each application as well.
              >
              > I believe Csongor answered the rest of your questions well.
              >
              > Regards,
              >
              > Josh
              >
              > ---------------------------------------------------------------------
              > To unsubscribe, e-mail: asp-unsubscribe@...
              > For additional commands, e-mail: asp-help@...
              >


              ---------------------------------------------------------------------
              To unsubscribe, e-mail: asp-unsubscribe@...
              For additional commands, e-mail: asp-help@...
            Your message has been successfully submitted and would be delivered to recipients shortly.