smat-consulting
Guest
I use classic WebSpeed, as we're not yet on 11.6 - and, frankly, because I have all the plumbing working and stable for Classic WebSpeed and hadn't had the time to try to rewrite it for Tomcat...

When a user logs in, I generate a unique session id, which I store in a table together with the user's internal identifier, the remote-address, a last contact time and some other stuff. This session id is stored in a cookie in the browser and sent with every request, together with some other hashed data. If all the hashed data plus sessionId plus remote-address pan out right, I know who the user is, and can check whether s/he is allowed to make the request. If not, it ends right there. Otherwise the request gets executed in the actual application.

I have triggers on every table to ensure data-integrity. There, I also up an internal version field, so I can always check before the update if the record has changed since it was originally retrieved for the update. Triggers may also store change-data (for auditing or reconstructing data at a particular date), if that feature is turned on for a particular table.

Re Mike's comment: I haven't used mapped objects in more than a decade. I don't think anybody would at this time consider building a web-app where the front-end (JS/HTML) is not completely separated from the backend (ABL). Classic WebSpeed works very well in such an architecture - for example with jQuery and other ajax-based frameworks... I don't even have my backend tied to WebSpeed! It is implemented in a strictly front-end independent, simple batch program way. That way, I can run it from a test-wrapper in the editor, which makes debugging a heck-of-a-lot easier... But that goes beyond the original question...
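The per-request check described in the post above, sketched in Python as an added example; it is not the poster's ABL code. Assumptions: the "hashed data" is modelled as an HMAC-SHA256 over session id and remote address, a dict stands in for the session table, and all names and the 15-minute idle limit are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret for the cookie hash
IDLE_LIMIT = 15 * 60                  # assumption: idle timeout in seconds
SESSIONS = {}                         # stands in for the session table

def _tag(session_id, remote_addr):
    """Keyed hash that binds the session id to the client address."""
    msg = f"{session_id}|{remote_addr}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def login(user_id, remote_addr, now=None):
    """Create the session row and return the cookie value."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # unguessable, contains no "."
    SESSIONS[session_id] = {"user": user_id, "addr": remote_addr, "last": now}
    return f"{session_id}.{_tag(session_id, remote_addr)}"

def authenticate(cookie, remote_addr, now=None):
    """Return the user id for a valid request, otherwise None."""
    now = time.time() if now is None else now
    session_id, sep, tag = cookie.partition(".")
    if not sep:
        return None
    # Verify the hash first (constant-time) so forged cookies never reach the table.
    expected = _tag(session_id, remote_addr)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    row = SESSIONS.get(session_id)
    if row is None or row["addr"] != remote_addr:
        return None
    if now - row["last"] > IDLE_LIMIT:
        del SESSIONS[session_id]  # expired: drop the row so the id cannot be reused
        return None
    row["last"] = now             # update last contact time
    return row["user"]
```

The authorization check for the specific request would run only after `authenticate` returns a user id.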