You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by Laura lega <sp...@libero.it> on 2001/11/14 18:19:05 UTC
new WebPagePortlet and cookies
Hello!
I've seen in last CVS Jetspeed release that we have a new WebPagePortlet and that it manages a RunData.
Question is: does it manage cookies?
Laura
Re: new WebPagePortlet and cookies
Posted by Paul Spencer <pa...@apache.org>.
Laura,
Not yet. What I committed on 09-nov just address caching and content
retrieval problems.
What do you mean by "does it manage cookies?"
Paul Spencer
Laura lega wrote:
> Hello!
> I've seen in last CVS Jetspeed release that we have a new WebPagePortlet and that it manages a RunData.
> Question is: does it manage cookies?
>
> Laura
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: new WebPagePortlet and cookies
Posted by Santiago Gala <sg...@hisitech.com>.
En jue, 2001-11-15 a 18:58, Paul Spencer escribió:
> Laura,
>
> So you are requesting that the cookies retrieved from the Server by the
> WebPagePortlet will be passed, along with the Server's domain
> information [ javax.servlet.http.Cookie.setDomain() ], to the browser?
>
This issue I have discussed in detail, and it is non trivial.
To have an effective WebPagePortlet, we would need a server side "proxy"
service that would do:
- management of cookies (not to the client browser, but in the client
session in the proxy)
- rewriting of urls so that those in the webpage base pass back through
the server (so that the cookie can be sent back).Esentially, the proxy
would keed a map of "true" url vs "rewritten" ones. This can be tricky,
as URLs can come disguised in javascript, or composed in code.
- caching of getContent() requests when they come from different portlet
actions in the user page, to avoid fake interactions with the server
when the user, for instance, minimises a separate portlet in the same
page.
While using IFRAME solves some of these problems, it does *not* solve
the fact that any interaction in separate portlets in the page spoils
the state of the IFRAME. Hence the need of such a proxy.
This is in addition to all the security issues, which I have not looked
in depth.
The other side of the equation is that it is so damned useful while web
services are not common, that I think a lot of people would like to have
it around.
What do you think? While difficult, I don't think it is not doable.
Using jTidy + some HttpClient library (there are quite) could do.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: new WebPagePortlet and cookies
Posted by Paul Spencer <pa...@apache.org>.
Laura,
So you are requesting that the cookies retrieved from the Server by the
WebPagePortlet will be passed, along with the Server's domain
information [ javax.servlet.http.Cookie.setDomain() ], to the browser?
You may be opening up a security hole on the user's browser.
As to the session, will your server, not Jetspeed, allow the client of a
session to change?
You should be able to write a JSP that retrieve a page from a server and
passes the content, including cookies, to your browser. Then verify the
server will accept the cookies.
Paul Spencer
Laura lega wrote:
> Hello.
>
> We are trying to understand if using jetspeed could be useful to us.
> We need to use WebPagePortlet to load data from a server after
> authenticating against it. Obviously we need to maintain a session
between
> browser and server.
> By "managing cookies" I mean the possibility for the browser to get
cookies
> from the server through WebPagePortlet and to send them back to the
server
> in subsequent requests. Not only to maintain a session.
>
> Are you going to develop something like that?
> Are you going to include cookies information into RunData object?
>
> We have seen you have "put RunData into WebPagePortlet". Does that
RunData
> contain Request object from browser?
>
> Thanks and sorry for just making questions ;-)
>
> Laura
>
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: new WebPagePortlet and cookies
Posted by Laura lega <sp...@libero.it>.
Hello.
We are trying to understand if using jetspeed could be useful to us.
We need to use WebPagePortlet to load data from a server after
authenticating against it. Obviously we need to maintain a session between
browser and server.
By "managing cookies" I mean the possibility for the browser to get cookies
from the server through WebPagePortlet and to send them back to the server
in subsequent requests. Not only to maintain a session.
Are you going to develop something like that?
Are you going to include cookies information into RunData object?
We have seen you have "put RunData into WebPagePortlet". Does that RunData
contain Request object from browser?
Thanks and sorry for just making questions ;-)
Laura
----- Original Message -----
From: "David Sean Taylor" <da...@bluesunrise.com>
To: "'Jetspeed Developers List'" <je...@jakarta.apache.org>
Sent: Wednesday, November 14, 2001 7:07 PM
Subject: RE: new WebPagePortlet and cookies
> No, it doesn't manage cookies.
> Im working on an enhancement that does manage sessions and form data.
>
> -- David
>
> -----------------------
> David Sean Taylor
> david@bluesunrise.com
> -----------------------
>
>
> > -----Original Message-----
> > From: Laura lega [mailto:spanishisotta@libero.it]
> > Sent: Wednesday, November 14, 2001 9:19 AM
> > To: jetspeed-dev@jakarta.apache.org
> > Subject: new WebPagePortlet and cookies
> >
> >
> > Hello!
> > I've seen in last CVS Jetspeed release that we have a new
> > WebPagePortlet and that it manages a RunData.
> > Question is: does it manage cookies?
> >
> > Laura
> >
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: new WebPagePortlet and cookies
Posted by David Sean Taylor <da...@bluesunrise.com>.
No, it doesn't manage cookies.
Im working on an enhancement that does manage sessions and form data.
-- David
-----------------------
David Sean Taylor
david@bluesunrise.com
-----------------------
> -----Original Message-----
> From: Laura lega [mailto:spanishisotta@libero.it]
> Sent: Wednesday, November 14, 2001 9:19 AM
> To: jetspeed-dev@jakarta.apache.org
> Subject: new WebPagePortlet and cookies
>
>
> Hello!
> I've seen in last CVS Jetspeed release that we have a new
> WebPagePortlet and that it manages a RunData.
> Question is: does it manage cookies?
>
> Laura
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>