How to achieve Cross Domain Session Sharing in XojoWeb?

Targets Web
1

Is there any way in XojoWeb to achieve Cross Domain Sessions Sharing?

I have two standalone webapplication
A: http://localhost:8081
B: http://localhost:8082
When I access A, A create a WebSession, then I post my account and password to login.
There is a HTMLView Control in A redirecting to B(http://localhost:8082).
But when I access B via HTMLView, B create a new WebSession, so that B can’t recognize who I am.

Tried to do something, I thought I should save WebSession in MYSQL, I’ve created a table for it.

CREATE TABLE sessions (  session_id VARCHAR(32) NOT NULL,  session_last_access INT(10) UNSIGNED,  session_data text,  PRIMARY KEY (session_id)

But I can’t find where is Sessions Save Handler.

I’m new to Cross Domain Sessions Sharing,
I will appreciate your comments.

2

[quote=122062:@?? ?]Is there any way in XojoWeb to achieve Cross Domain Sessions Sharing?

I have two standalone webapplication
A: http://localhost:8081
B: http://localhost:8082
When I access A, A create a WebSession, then I post my account and password to login.
There is a HTMLView Control in A redirecting to B(http://localhost:8082).
But when I access B via HTMLView, B create a new WebSession, so that B can’t recognize who I am.

Tried to do something, I thought I should save WebSession in MYSQL, I’ve created a table for it.

CREATE TABLE sessions (  session_id VARCHAR(32) NOT NULL,  session_last_access INT(10) UNSIGNED,  session_data text,  PRIMARY KEY (session_id)

But I can’t find where is Sessions Save Handler.

I’m new to Cross Domain Sessions Sharing,
I will appreciate your comments.[/quote]

This thread may help : https://forum.xojo.com/14201-invoke-app-session-mymethod-from-another-app-session/unread

3

Sessions are not stored on disk, nor do you have access to the saving/loading mechanism, so sharing a session between two apps is currently not possible in that way. If you want this sort of capability, you’ll need to roll your own tracking mechanism and pass the info back and forth yourself.

FWIW, each browser connection is given its own unique identifier, so its even possible to simulate multiple users using several tabs or windows from the same browser. I know that is the opposite of what you are looking for, but its important to know that if you will be designing your own system.

4

This is exactly why I have a ParentSession class. Every session looks for its parent session and creates a new one if it cant find one. You could definitely store info on the parent session in a database to allow cross-site access. Just keep in mind you’ll be responsible for the security and verification of these parent sessions. If you only want it to work for multiple tabs in the same browser I would recommend not only verifying the IP Address and a Session Cookie but also some of the browser details.