Session Control in PH Web - new feature suggestion for phweb
Joe Boyle
joeboyle_adt at hotmail.com
Wed Aug 8 07:44:50 CDT 2007
Messagethe file v_dict_session_file.in contained the two lines below,
create file dict_session_file
exit
----- Original Message -----
From: Joe Boyle
To: 'Han Han' ; powerh-l at lists.sowder.com
Sent: Wednesday, August 08, 2007 1:03 PM
Subject: RE: Session Control in PH Web - new feature suggestion for phweb
I am guessing that if two users login at the same 8 digit time ( I don't know if the processing of PHweb would ever enable this) , the PHrandom function will return the same value; so, I would say that a reasonably unique browser IP ( in conjunction with 8 digit time) would be more effective than a PHrandom result.
That said, the windows %random% call seems pretty useful, but a database of used session id's (%random% values) would probably need to be maintained - however they are generated, in order to ensure that you aren't giving out duplicates.
If the PHwebservers were able to maintain a counter in memory, incremented when activated, and the individual PHwebservers per application worked on specific ranges of values, a unique sessionid would easily be available.
In conjunction with date and 8 digit time the combined result would be unique, even if the PHwebserver were left running for thousands of years ( an 8 byte integer using only fifty two bits can count up to 4503599627370496 - I only ever saw quiz accurate up to about 8999999999999999 - 52ish bits ).
I have some notes containing some tips on returning random values below, it wasn't complete, but the approach worked at the time for PH on Windows ( didn't test with PHweb). With MSSQL I still like the idea of referencing an autoincrement column, but the key segments have to be unique in order to retrieve the correct row - so that obviates the need for the autoincrement column.
type dict_session_file.cmd
set v_dict_session_file=%1
echo %v_dict_session_file%
qutil < c:\ph\sqlserver\v_dict_session_file.in > c:\ph\sqlserver\makefile.log
exit
type idsession.qts
can cle
run n1
req q1 proc lim 1 input lim 1
acc file_lock
choose orderid 99999999
define t_sess char*10 = parm
output dict_session_file add
item word final t_sess
type idsession.qks
can clear
screen idsession menu
temporary t_seed integer *8 size 4 reset at startup
temporary t_sess float reset at startup
temporary t_count integer reset at startup
temporary idfile_temp character *100 reset at startup
temporary rc_temp character *150 reset at startup
file dict_session_file designer close
field t_sess id 1
procedure internal isef
begin
let idfile_temp = truncate ( &
"c:\ph\sqlserver\f_" + ascii( sysdate ) + ascii (systime) + ".dat")
if not setsystemval ("v_dict_session_file", idfile_temp )
then error "not set "
let rc_temp = "cmd /c c:\ph\sqlserver\dict_session_file.cmd " + idfile_temp + " > c:\ph\sqlserver\dict_session_file.log"
run command rc_temp
let rc_temp = "cmd /c echo %random% > c:\ph\sqlserver\idsession.ran "
run command rc_temp
let rc_temp = &
;both below work fine
;"cmd /c qtp auto=c:\ph\sqlserver\idsession.qtc < c:\ph\sqlserver\idsession.ran > idsession.log"
"cmd /c echo %random% | qtp auto=c:\ph\sqlserver\idsession.qtc > idsession.log"
run command rc_temp
get dict_session_file seq
close dict_session_file
info = word now response
end
procedure internal ises
begin
let t_sess = random( t_seed) * 1000
end
procedure initialize
begin
let t_seed = systime
let t_count = t_count + 1
do internal isef
display t_sess
info = ascii (t_count) + " <> " + ascii ( t_sess) now response
return
end
build list
------------------------------------------------------------------------------
From: powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com [mailto:powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com] On Behalf Of Deskin, Bob
Sent: 07 August 2007 18:00
To: Joe Boyle; Han Han; powerh-l at lists.sowder.com
Subject: RE: Session Control in PH Web - new feature suggestion for phweb
Reasonably unique is not unique. Browser IPs as provided by the Web server environment variables provide the IP to return the results page to the browser. But if the browser is behind a router, that IP may not be unique to a specific PC. Regardless, we do have an enhancement on the list to provide these values.
As for a system function, it's probably not worth the effort since any value that's received in the request can be obtained by declaring a temporary and doing an ACCEPT in the INITIALIZE procedure.
As for generating a unique ID, there are many different requirements and it's easier for customers to put their own together from things like SYSDATETIME, the result of the RANDOM function, and so on.
Bob
-----Original Message-----
From: Joe Boyle [mailto:atla38 at dsl.pipex.com]
Sent: August 7, 2007 12:53 PM
To: Deskin, Bob; 'Han Han'; powerh-l at lists.sowder.com
Subject: RE: Session Control in PH Web - new feature suggestion for phweb
Given that the return address of the browser must be reasonably unique, allow a system call ( along the lines of 'userid/logonid') to return the value of the address of the browser. This would help enable sessionid processing.
Obviously, it would be even easier if PHweb simply generated the equivalent of a unique sessionid J
----------------------------------------------------------------------------
From: powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com [mailto:powerh-l-bounces+atla38=dsl.pipex.com at lists.sowder.com] On Behalf Of Deskin, Bob
<SNIP> :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sowder.com/pipermail/powerh-l/attachments/20070808/88437114/attachment.html
More information about the powerh-l
mailing list