wsrp-interop message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [wsrp-interop] on initCookies and sessionID
- From: Rich Thompson <richt2@us.ibm.com>
- To: wsrp-interop@lists.oasis-open.org
- Date: Wed, 19 Nov 2003 15:17:51 -0500
I would also encourage Consumers to
block all invocations targeting portlets within a particular group once
it is known that the cookies being passed to that group are invalid. Re-establishing
those cookies and then processing the blocked invocations with the new
cookie set makes for the cleanest set of calls (i.e. consistent state).
Rich
Michael Freedman <Michael.Freedman@oracle.com>
11/19/2003 02:57 PM
|
To
|
|
cc
| wsrp-interop@lists.oasis-open.org
|
Subject
| Re: [wsrp-interop] on initCookies
and sessionID |
|
This can only be done if templates [or other consumer
supplied state]
isn't stored in the entity session. Note: Currently we only have
the
concept of storing this in the entity session not in relationship to a
cookie session. If the producer needs to formally represent entity
sessions [because of needing to re-receive consumer supplied state] then
it should return the entity session key it is using within the http
session to hold the entities state. Often this will be the entity
ID
itself [but need not be].
In any case I don't understand how things get weird/out-of-sync in
Alejandro's case as the systems should work anyway. [Though I would
encourage you to review any producer code that gets you into this
scenario as it sounds quite peculiar to have entity sessions dependent
on http sessions yet an inconsistent path through checking which is
valid]. Anyway things should work on the consumer because all an
InvalidSession means to a consumer is toss the entity session [ID] and
recall me passing current/new consumer state [like templates]. Thus if
Portlet A from the producer returns invalidCookie while Portlet B
returns invalidSession, the consumer will in response to Portlet A fire
off a new initCookie and in response to Portlet B resend the old the
cookie with new template data/no entity session ID. This later will
now
throw an InvalidCookie as its not an entity session problem anymore.
When the consumer gets the second invalid cookie if the initCookie is
still in process the consumer waits for it to complete and then recalls
both Portlet A and Portlet B with the new cookie or if already completed
[and having called Portlet A again] merely recalls Portlet B with the
new cookie. Note: if the consuemr already has the new cookie from
Portlet A by the time it is ready to resend in response to Portlet B's
invalid session it is fine to send the nwe cookie at this point and
avoid the second fault.
-Mike-
Subbu Allamaraju wrote:
>
> Good point. It does simplify Alejandro's scenario for the Consumer.
>
> Subbu
>
> Rich Thompson said the following on 11/19/2003 11:58 AM:
>
>>
>> I would encourage the Producer in such a scenario to only use
the
>> cookie and never return a sessionID. This eliminates duplicate
>> information that can cause all sorts of issues.
>>
>> Rich
>>
>>
>> *Alejandro Abdelnur <Alejandro.Abdelnur@Sun.COM>*
>> Sent by: Alejandro.Abdelnur@Sun.COM
>>
>> 11/19/2003 01:43 PM
>>
>>
>> To
>> wsrp-interop@lists.oasis-open.org
>> cc
>>
>> Subject
>> Re: [wsrp-interop] on initCookies and sessionID
>>
>>
>>
>>
>>
>>
>>
>>
>> This was exactly the scenario we are facing. The problem is that
>> things get weird (out of synch) if the consumer invokes
the producer
>> in parallel for 2+ portlets and one of the throws a cookie
or a
>> session fault.
>>
>> Alejandro
>>
>> On Wednesday, November 19, 2003, at 06:08 AM, Subbu Allamaraju
wrote:
>>
>> >
>> > I would like to note that a Producer requring perUser
init cookies
>> may > choose to use the same cookie for both cases (ie
return a
>> session > cookie in response to an initCookie call,
and return the
>> same session > ID in the pbia response).
>>
>> > In this case, my interpretation is that
>> >
>> > (a) Producer returns InvalidCookie fault when the cookie
from the
>> > request (when HTTP binding is used) is no longer valid.
>> >
>> > (b) Poducer never returns InvalidSession fault (since
this has
>> the > same affect, atleast for the Producer), and reinvoking
>> initCookie() > and resupplying data stored in sessions
lets the
>> Producer/portlet > recover from session loss.
>> >
>> > For the consumer,
>> >
>> > (a) If the Consumer is strict about cookies, it does
not send
>> expired > cookies to the Producer. So, after the cookie
times out,
>> it > automatically invokes initCookie().
>> >
>> > (b) If the Consumer is not strict, it may send an expired
cookie
>> to > the Producer. The producer then returns InvalidCookie
fault.
>> >
>> > Subbu
>> >
>> >
>> > Rich Thompson said the following on 11/19/2003 05:52
AM:
>> >> My take on the answers:
>> >> First, overall comments: Private sessions between
the end-user
>> and >> particular instances of a portlet are modeled
in the
>> protocol via >> sessionID. It was also recognized
that various
>> systems have reasons >> to use a cookie to carry
session
>> information, though these types of >> sessions are
not always
>> unique to a portlet instance. As a result, >> these
two tend to
>> closely parallel each other while never being >>
linked.
>> >> Q1. Is there any required relationship between
the cookies
>> returned >> by initCookie and the sessionID returned
by the markup
>> interface >> calls?
>> >> A1. No, though if the CookieProtocol is perUser
then they do
>> carry >> the same semantics.
>> >> Q2. If a call returns an InvalidCookie fault, should
the
>> consumer >> discard the sessionID?
>> >> A2. No, the cookies are independent of the private
sessionID and
>> are >> not necessarily related to a session at all.
>> >> Q3. If a call returns an InvalidSession fault,
should the
>> consumer >> call initCookie again?
>> >> A3. same as A2.
>> >> Sorry if the fault descriptions are confusing:
>> >> - InvalidSession fault is used only when
the private session
>> has >> timed out and required data had been cached
in the session
>> (templates >> or UserContext). If the session did
not contain such
>> data or it is >> also available via the supplied
data on the
>> invocation, the Producer >> can simply create a new
session and
>> include it in the returned data >> structure for
future invocations
>> from the Consumer.
>> >> - InvalidCookie fault is used only when the
cookies established
>> by >> initCookie become invalid. This signals to
the Consumer the
>> need to >> invoke initCookie again. Since some Producers
will
>> establish a >> session related to these cookies,
it would be wise
>> for the Consumer >> to resend templates and UserContext
when
>> reinvoking the operation >> that caused the InvalidCookie
fault as
>> this can avoid the next >> invocation returning an
InvalidSession
>> fault.
>> >> Rich
>> >> *Alejandro Abdelnur <Alejandro.Abdelnur@Sun.COM>*
>> >> Sent by: Alejandro.Abdelnur@Sun.COM
>> >> 11/18/2003 07:02 PM
>> >>
>> To
>> >>
wsrp-interop@lists.oasis-open.org
>> >> cc
>> >>
>> Subject
>> >>
[wsrp-interop] on initCookies and sessionID
>> >>
>> One of the engineers in my group (punished
>> with implementing WSRP) >> came
>> >> to me with the following questions and I could
not find an answer
>> for
>> >> her. I would like to know what is your opinion
on this and how
>> are you
>> >> handling this scenario.
>> >> Thanks
>> >> Alejandro
>> >> * Producer requires initCookie.
>> >> * Consumer uses more than one portlet from the
producer for
>> >> the portal page of a user.
>> >> * initCookie has been called upfront.
>> >> * performBlockingInteraction and/or getMarkup have
returned a
>> >> sessionID
>> >> Q1. Is there any required relationship between
the cookies
>> returned by
>> >> initCookie and the sessionID returned by the markup
interface calls?
>> >> Q2. If a call returns an InvalidCookie fault, should
the consumer
>> >> discard the sessionID?
>> >> Q3. If a call returns an InvalidSession fault,
should the
>> consumer >> call
>> >> initCookie again?
>> >> If the answer is 'no' to all the questions, then
the following
>> >> sections
>> >> of the spec make things more confusing:
>> >> P27/L27 "If the Producer returns an InvalidSession
fault message
>> after
>> >> returning a sessionID, the Consumer MUST NOT resupply
that
>> sessionID >> on
>> >> a subsequent invocation and SHOULD reinvoke the
operation that
>> caused
>> >> the fault message without any sessionID and supply
any data that may
>> >> have been stored in the session."
>> >> P44/L6 "If at any time the Producer throws
a fault message
>> >> (“InvalidCookie”) indicating the supplied cookies
have been >>
>> invalidated
>> >> at the Producer, then the Consumer MUST again invoke
initCookie()
>> and
>> >> SHOULD reprocess the invocation that caused the
fault message to be
>> >> thrown and include any data that may have been
stored in a session
>> >> related to a cookie"
>> >> P77/Table,Row=InvalidCookie "InvalidCookie
Used only when the
>> >> environment at the Producer has timed out AND the
Producer needs the
>> >> Consumer to invoke initCookie() again and resend
data that may have
>> >> been stored in sessions related to a cookie."
>> >> P77/Table,Row=InvalidSession "Used only when
a Producer session has
>> >> timed out AND the Producer needs the Consumer to
invoke resend data
>> >> that may have been cached in the session."
>> >
>> >
>> >
>> > To unsubscribe from this mailing list (and be removed
from the
>> roster > of the OASIS TC), go to >
>> http://www.oasis-open.org/apps/org/workgroup/wsrp-interop/members/
>> > leave_workgroup.php.
>> >
>>
>>
>> To unsubscribe from this mailing list (and be removed from the
roster
>> of the OASIS TC), go to
>> http://www.oasis-open.org/apps/org/workgroup/wsrp-interop/members/leave_workgroup.php.
>>
>>
>>
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster
> of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/wsrp-interop/members/leave_workgroup.php.
>
>
To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/wsrp-interop/members/leave_workgroup.php.
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]