OpenID Libraries should be stateless
Ryan Ernst
ryan at citewire.com
Tue Feb 5 10:34:42 PST 2008
This is exactly why I have been trying to avoid using sessions. So then what
do I do? Read the objects manually and save out there state, sign it, pass
it through the return_to, and recreate the objects and the session map?
That seems like a lot of work that could be avoided if the yadis library
would just store its state in a format independent of the application server
it is running on.
Ryan
On Feb 5, 2008 3:34 AM, Wichert Akkerman <wichert at wiggy.net> wrote:
> Previously Josh Hoyt wrote:
> > You can get around the double-discovery in many cases by adding a
> > signed encoding of the discovered information to the return_to URL in
> > the request. Previous versions of these libraries included this trick,
> > but it's rare these days for dynamic application to not have a
> > session.
>
> There is a good reason not to rely on server-side state: keeping session
> state is a big issue for large sites which balance traffic over multiple
> application servers. Any way to avoid server state is a good thing,
> especially if that data is not read-only.
>
> Wichert.
>
> --
> Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
> http://www.wiggy.net/ It is hard to make things simple.
>
> _______________________________________________
> Dev mailing list
> Dev at lists.openidenabled.com
> http://lists.openidenabled.com/mailman/listinfo/dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080205/593a72cf/attachment-0001.htm
More information about the Dev
mailing list