Title: Seaside Advanced Topics Speaker: Johan Brichau Title: Advanced Seaside Speaker: Philippe Marshall Thu, August 21, 2:00pm – 3:30pm Description Abstract: If you want to know everything about building sophisticated web applications with Seaside using tightly-integrated client-side libraries and frameworks (jQuery, jQuery++, jQuery-UI, Bootstrap, jQuery-Mobile,...), transparent persistence, RESTful webservices, etc or just about what's new in Seaside, then this tutorial is for you. We will skip the basics (see the excellent online tutorials [1][2] and book [3]) and jump right into the advanced uses of jQuery, the intricate details of ajax callbacks, the extensible framework, the transparent persistence in GemStone Web Edition (GLASS), and much more. We will reserve ample time for Q&A, so bring your questions to the session. Bio: Philippe Marshall has been part of the core Seaside team for several years. He holds a MSc CompSci from the University of Bern and has previously held talks at ESUG. Dale Henrich has been working in Smalltalk since 1985 when he developed an internal application on the Tektronix 4404. The internal application was used at Tektronix for at least 20 years and may still be in use today! Since 1985 he has been lucky enough to work in Smalltalk nearly full-time, spending the last 15 years at GemStone (now GemTalk Systems) give or take a couple of years. Johan Brichau is co-founder and development lead at Yesplan.be, a "Seaside under GLASS"-based web application for event management currently used by over 80 cultural organisations in Belgium and The Netherlands.

1. Advanced Seaside
Philippe Marschall
ESUG 2014

2. Advanced Seaside
• WARestfulComponentFilter
• session tracking
• http://smalltalkhub.com/mc/marschall/ESUG-2014/main
• http://ss3.gemstone.com/ss/frank.html

3. WARestfulComponentFilter

4. Disclaimer
• REST in this context simply means “pretty URLs”

5. WARestfulComponentFilter
• new with 3.1
• Norbert’s fault
• this is the missing documentation

6. WARestfulComponentFilter
• run “front page(s)” without session
• “window shopping”
• run pages behind with session
• central place to recover from expired
session

7. WARestfulComponentFilter
• “REST” filter that runs before the
application
• only when no session
• or session is expired
• can start session with any component
instance

8. WARestfulComponentFilter
• if it runs, normal REST filter rules apply
• SeasideRest
• up to you how HTML is generated
• WABuilder/WAPainter
• no callbacks
• …

9. Example Ⅰ
• counter
• all “pages” handled by filter and component
• not the normal case
• not composable

10. Example Ⅱ
• one two three
• first page just static content
• link to second page with static content
• third page with counter (and session)

11. Session Tracking

12. Session Tracking
• used to be implemented in WAApplication
• had a single flag
• optionally use cookies

13. Session Tracking 3.1
• factored out into a strategy object
• can implement your own
• handles no or expired session

14. Session Tracking Fully Customizable
• query fields
• cookie only
• cookie if supported, query field otherwise
• cookie for browser, IP for crawler
• SSL session id (*)
• path parameter (*)

15. Query Field
• /?_s=KAAWl0x3c6KLnN6Q
• easy for development
• session per tab
• no issue with cookie laws
• no iframe issues (P3P)

16. Path Parameter
• ;_s=KAAWl0x3c6KLnN6Q/
• like query parameter
• doesn’t have to be hidden field in form
• required by some load balancers
• “JavaEE” way

17. Cookie Only
• never shows up in links
• never shows up in access logs
• links can be copied and pasted
• links can be sent by email
• session per browser
• crawlers don’t accept cookies

18. IP
• option for crawlers
• same session for all browsers
• issues with
• mobile clients
• NATs
• Proxies

19. SSL Session Id
• never shows up
• needs sever (adapter) support (3.1)
• SSL session has to be keep alive
• or client gets same id again
• no SSL session cookies

20. Session Tracking Fully Customizable
• query fields
• cookie only
• cookie if supported, query field otherwise
• cookie for browser, IP for crawler
• SSL session id (*)
• path parameter (*)

21. Custom
• variant of any of those
• combination of any of those
• can rename field
• whatever else
• eg. header set by security proxy
• client certificate

22. Example
• fake JavaEE
• eg. Tomcat, JBoss
• eg. for load balancer
• use existing load balancer infrastructure,
configuration, documentation
• jvmRoute left as an exercise

23. jvmRoute
• sticky session load balancing
• no session replication
• attach image id / JVM id to session id
• /;jsessionid=KAAWl0x3c6KLnN6Q.42
• supported by “JavaEE load balancers”

24. Example
• jsessionid path parameter name
• JSESSIONID cookie name