Hello,
I was wondering, is anyone persisting the web session for an extended period of time? The idea for us is to not have the user relogin all the time when visiting our mobile site. I was thinking of persisting the cookie longer and checking on the back to see if I need to transfer to a new session.
Has anyone done something similar or have any thoughts on this?
Thanks,
Jon
I don't see any problem with this. We've got cookies that last a very, very long time (took a glance and mine expires in 2016), and it's working great.
One thing you might run into is that if the cookie connects to state held in the session, and you do a deploy or a reboot of your server, the cookie will no longer connect to any of that data. What this meant on our server was that the session key itself was inaccessible; transferring the session at that point isn't possible. This isn't a tremendous problem, just that users might end up having to log in more often than expected.
Eric
Considering computers are often shared too, I would consider some messaging that says something to the effect of...
logged in as 'name'
* log in as a different user?
Eric & Don,
Thanks for the input. The only thing with persisting the session cookie I am hesitant about is the whole public computer thing. I know the purpose of this mobile site we are developing is for mobile devices, but it could be accessed from a pc as well.
At the moment I have built into the site the user name displaying when logged in. I have seen some sites that do keep but then require them to re-authenticate in certain areas.
That's definitely the problem with long-persisting sessions. We do exactly what you'll be doing, with displaying the customer's name at the top of the screen. We haven't had any problems of which I'm aware.
Ok, let me take that back. We've had one, very odd situation. We were getting orders from people on different computers, that were showing up under the same account. So John, Mary and Jane all ordered, but all orders showed up under John's account. It turned out they were all at the same office building, behind the same firewall, and their firewall proxy was set up incorrectly to cache session data. So the cookie was being stored and served from the proxy, not from the client computer, and so everyone in the office ordering (there was a promotion available to this company) put their orders through using the first person's account.
But that was a fluke, and really due to improper network setup on the company's end, not that we were doing anything wrong with the cookies.
Eric Sipple
The Pittsburgh Cultural Trust
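
Added example, not part of any post in this thread and not any poster's code: one way to combine the points raised above, namely a long-lived cookie that can rebuild a session lost to a deploy, re-authentication before sensitive areas, and response headers that keep a shared proxy from caching the cookie. All names, lifetimes and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets

REMEMBER_TTL = 90 * 24 * 3600  # assumed lifetime of the long-lived cookie (seconds)
REAUTH_WINDOW = 15 * 60        # assumed password freshness for sensitive areas

def _digest(token):
    # Only a hash is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

class RememberStore:
    """Durable token table (a dict here; a database in practice), kept apart
    from in-memory session state so it survives a deploy or reboot."""
    def __init__(self):
        self.rows = {}  # sha256(token) -> (user, expires_at)

    def issue(self, user, now):
        token = secrets.token_urlsafe(32)
        self.rows[_digest(token)] = (user, now + REMEMBER_TTL)
        return token

    def redeem(self, token, now):
        """Single-use: return (user, rotated_token) or (None, None)."""
        row = self.rows.pop(_digest(token), None)
        if row is None or row[1] < now:
            return None, None
        return row[0], self.issue(row[0], now)

def resume_session(sessions, store, cookie_token, now):
    """Build a fresh session from the cookie after the old one was lost."""
    user, new_token = store.redeem(cookie_token, now)
    if user is None:
        return None, None
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": user, "password_at": None}  # no password typed yet
    return sid, new_token

def may_enter_sensitive_area(session, now):
    """Cookie-restored sessions must re-authenticate before e.g. checkout."""
    typed = session["password_at"]
    return typed is not None and now - typed <= REAUTH_WINDOW

def cookie_headers(token):
    """Headers for any response that sets the cookie; Cache-Control keeps a
    shared proxy from storing it and replaying it to other clients."""
    return [
        ("Set-Cookie", f"remember={token}; Max-Age={REMEMBER_TTL}; Path=/; "
                       "Secure; HttpOnly; SameSite=Lax"),
        ("Cache-Control", "private, no-store"),
    ]
```

The "log in as a different user?" link would delete the stored row for the current cookie as well as clearing the cookie itself, so the token cannot be redeemed again on a shared machine.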