Title: Seaside Advanced Topics
Speaker: Johan Brichau
Title: Advanced Seaside
Speaker: Philippe Marshall
Thu, August 21, 2:00pm – 3:30pm
Description
Abstract: If you want to know everything about building sophisticated web applications with Seaside using tightly-integrated client-side libraries and frameworks (jQuery, jQuery++, jQuery-UI, Bootstrap, jQuery-Mobile,...), transparent persistence, RESTful webservices, etc or just about what's new in Seaside, then this tutorial is for you. We will skip the basics (see the excellent online tutorials [1][2] and book [3]) and jump right into the advanced uses of jQuery, the intricate details of ajax callbacks, the extensible framework, the transparent persistence in GemStone Web Edition (GLASS), and much more. We will reserve ample time for Q&A, so bring your questions to the session.
Bio: Philippe Marshall has been part of the core Seaside team for several years. He holds a MSc CompSci from the University of Bern and has previously held talks at ESUG.
Dale Henrich has been working in Smalltalk since 1985 when he developed an internal application on the Tektronix 4404. The internal application was used at Tektronix for at least 20 years and may still be in use today! Since 1985 he has been lucky enough to work in Smalltalk nearly full-time, spending the last 15 years at GemStone (now GemTalk Systems) give or take a couple of years.
Johan Brichau is co-founder and development lead at Yesplan.be, a "Seaside under GLASS"-based web application for event management currently used by over 80 cultural organisations in Belgium and The Netherlands.
6. WARestfulComponentFilter
• run “front page(s)” without session
• “window shopping”
• run pages behind with session
• central place to recover from expired
session
7. WARestfulComponentFilter
• “REST” filter that runs before the
application
• only when no session
• or session is expired
• can start session with any component
instance
8. WARestfulComponentFilter
• if it runs, normal REST filter rules apply
• SeasideRest
• up to you how HTML is generated
• WABuilder/WAPainter
• no callbacks
• …
9. Example Ⅰ
• counter
• all “pages” handled by filter and component
• not the normal case
• not composable
10. Example Ⅱ
• one two three
• first page just static content
• link to second page with static content
• third page with counter (and session)
12. Session Tracking
• used to be implemented in WAApplication
• had a single flag
• optionally use cookies
13. Session Tracking 3.1
• factored out into a strategy object
• can implement your own
• handles no or expired session
14. Session Tracking Fully Customizable
• query fields
• cookie only
• cookie if supported, query field otherwise
• cookie for browser, IP for crawler
• SSL session id (*)
• path parameter (*)
15. Query Field
• /?_s=KAAWl0x3c6KLnN6Q
• easy for development
• session per tab
• no issue with cookie laws
• no iframe issues (P3P)
16. Path Parameter
• ;_s=KAAWl0x3c6KLnN6Q/
• like query parameter
• doesn’t have to be hidden field in form
• required by some load balancers
• “JavaEE” way
17. Cookie Only
• never shows up in links
• never shows up in access logs
• links can be copied and pasted
• links can be sent by email
• session per browser
• crawlers don’t accept cookies
18. IP
• option for crawlers
• same session for all browsers
• issues with
• mobile clients
• NATs
• Proxies
19. SSL Session Id
• never shows up
• needs sever (adapter) support (3.1)
• SSL session has to be keep alive
• or client gets same id again
• no SSL session cookies
20. Session Tracking Fully Customizable
• query fields
• cookie only
• cookie if supported, query field otherwise
• cookie for browser, IP for crawler
• SSL session id (*)
• path parameter (*)
21. Custom
• variant of any of those
• combination of any of those
• can rename field
• whatever else
• eg. header set by security proxy
• client certificate
22. Example
• fake JavaEE
• eg. Tomcat, JBoss
• eg. for load balancer
• use existing load balancer infrastructure,
configuration, documentation
• jvmRoute left as an exercise
23. jvmRoute
• sticky session load balancing
• no session replication
• attach image id / JVM id to session id
• /;jsessionid=KAAWl0x3c6KLnN6Q.42
• supported by “JavaEE load balancers”