Session crosstalk

I know that if you have two tabs open for a given app on the same PC (same or different browser doesn’t seem to matter), then they are treated as one instance so advancing to the next page of the app on one tab will also advance to that page (which may not be the page that is supposed to come up next) on second tab.

Can this also happen if a prior session hasn’t been completely wiped out before a new session is started? One user is reporting getting sent to incorrect pages which I can only interpret as a previous session hasn’t completely closed.

Is it possible to have crosstalk between sessions on the same local network (namely, they have same external IP address but different local IP addresses)? In other words, if the sessions are open on two separate computers on the local network, will they interfere?

What can be done to minimize this potential for session crosstalk? I realize this is unlikely to occur for actual users. My main goal is to figure out how Xojo sessions work so I am not surprised when this sort of thing happens.

I am not an expert on sessions, but I am pretty sure that if you have two different tabs open from the same browser on the web app, that those are treated as two different sessions.

Each session in unique but depending on how you code things, actions from one session can indeed spill over into another. But that’s not the fault of Xojo. For example, I have “push” set up in my app where when one user makes a change, all other users/sessions get that update. In other areas, I have session specific actions.

I don’t think a previously opened session could be attached to another incoming session. That would be a huge security risk from a browser perspective. So I’m thinking it’s more likely something in the code that is causing what you are seeing.

No, this is incorrect. Each connection to the app gets its own unique session.

[quote=93039:@Ken Gish]… advancing to the next page of the app on one tab will also advance to that page (which may not be the page that is supposed to come up next) on second tab.

Can this also happen if a prior session hasn’t been completely wiped out before a new session is started? One user is reporting getting sent to incorrect pages which I can only interpret as a previous session hasn’t completely closed.[/quote]
You must be using global variables and/or methods instead of session/page specific ones. If you could tell us how you’ve coded things we maybe can diagnose what’s going on.

Modules are global and have spillover but unique tabs do not. Anything that is sensitive to a specific user must stay inside the session object. App properties, global modules, properties, etc. are global across all sessions.

Think of the session as a Thread subclass.

One of the most important distinctions to realize in Web Edition programming is how some methods, variables, events, etc. are server side and some are user/page side.

If something is in the App object, it’s basically server side. Timer’s instantiated in code are server side (WebTimers dropped on the page and WebTimers instantiated in code are client side).

So depending on what you are doing, the code you may want running on a page/session is being run on the server. This will basically change those items for everyone.

It’s very powerful. But unlike a desktop app where you basically have one single user, you can’t program a web app that way. You have to think of a user interface with multiple users all accessing the same app that is already running. So you have to decide what is unique to the user vs. what is global for everyone.

[quote=93052:@Jon Ogden]One of the most important distinctions to realize in Web Edition programming is how some methods, variables, events, etc. are server side and some are user/page side.

If something is in the App object, it’s basically server side. Timer’s instantiated in code are server side (WebTimers dropped on the page and WebTimers instantiated in code are client side).

So depending on what you are doing, the code you may want running on a page/session is being run on the server. This will basically change those items for everyone.[/quote]
Jon, this is not really correct and is misleading. Most all of your code is running on the server, even for pages and controls. It’s true that the javascript framework handles some simple things on its own, but mostly it just sets up events that get sent back to the server so your Xojo code can act on it, then the server sends any necessary changes back to the browser.

Now, even though most things are running on the server, all session/page code is still isolated to each session. The only things that are global for all sessions are those in the App class/object and modules. And even then you can limit the effect to one session by setting and using a session context.

[quote=93068:@Jay Madren]Jon, this is not really correct and is misleading. Most all of your code is running on the server, even for pages and controls. It’s true that the javascript framework handles some simple things on its own, but mostly it just sets up events that get sent back to the server so your Xojo code can act on it, then the server sends any necessary changes back to the browser.

Now, even though most things are running on the server, all session/page code is still isolated to each session. The only things that are global for all sessions are those in the App class/object and modules. And even then you can limit the effect to one session by setting and using a session context.[/quote]

Are you certain about that? I thought that as the page is built, the framework basically translates everything it can into Javascript and sends that all down to the browser where as much as possible is run on the browser. Obviously not everything can but if I I have a text field in the page and in the TextChanged event I have the following code:

If me.Text = "Jump" Then
   Msgbox "How high?"
End If

It doesn’t make a lot of sense that this would be sent back to the server when I’m pretty sure Javascript on the page could handle that.

So yes, I am questioning what you are saying as I would think that you’d want as much delivered to the browser and run on the browser as possible in order to mitigate what has to run on the server.

This is helpful. After reading these comments, it is clear to me that I am incorrectly using Modules and Global variables for things that need to work within a session only, not across sessions. I need some clarification on how I can figure out the scope of variables and components.

Are Global variables always working across sessions?

What is the best alternative to using Modules? Most of the modules I am using are just instantiating a webpage. Do WebContainers work within session only? All I need is a Shown event.

Please correct my mistakes below but this is my best guess about what the scope means:

Module properties have three scope options:
Global - across session
Protected - within session
Private - within module only

WebPage:
Public - within session
Protected - within session but can be called from separate webpages if the webpage is included in the call
Private - cannot be used outside the page

Again, I probably got this wrong so please correct and/or clarify.j

I don’t think any of this is correct. The private, protected and public/global are based on what objects in Xojo can access. See the docs for discussions of modules and the scope options.

If you want to contain properties to a session, put those properties in the webpage itself instead of the module. Modules are for things that are going to be global across all users.

[quote=93070:@Jon Ogden]Are you certain about that? I thought that as the page is built, the framework basically translates everything it can into Javascript and sends that all down to the browser where as much as possible is run on the browser. Obviously not everything can but if I I have a text field in the page and in the TextChanged event I have the following code:

If me.Text = “Jump” Then
Msgbox “How high?”
End If[/quote]
Yes, I am certain. Xojo does not “translate” hardly any of your code into javascript. The javascript framework is just that - a framework, much like jquery. It is there to give the server side app something to interact with. Each control you place on a page basically has two components - the html/javascript representation of it in the browser and the real object on the server.

To show that your code is still executing server side, place a breakpoint at the beginning of your example code block and run it. You will be able to step through it in the debugger line by line, as it’s executing in the server app.

Yes, javascript could handle that, but “translating” all possible code statements into javascript is a huge effort that they have not done here. Also, translating the Xojo code into javascript would open up a lot of security vulnerabilities, since that javascript code is downloaded to the browser where anyone could hack it. Fortunately, your code runs in the binary executable on the server where they can’t get to it.

OK. Thanks. I stand corrected.

I have a bunch of properties in Modules set to Global. I can refer to these module properties from outside the module without having to use the module name. For example, if the variable name is v1 and the Module name is M1, I can refer to v1 outside the Module without having to refer to M1.v1. Is there any way to do this without using a module? I tried using WebPage and Class but both of these require you to put in the component name as well as the property name. I am guessing that this isn’t possible.

Does switching property scope in a module from Global to Protected mean it goes from being a cross-Session variable to a within-Session variable?

Ken… You sound pretty confused about property scope, implicit globals, classes v. objects, and information hiding. I wish I knew where to point you or even where to start. Maybe @Paul Lefebvre has a webinar covering these basics?

Manual states “A Global item is available to code throughout the application.” Since Sessions are a level below Application, this implies Global properties are across-Session variables. For Public items, it also states “A Public item is also available to code throughout the
application.” but the difference is you need the dot notation to refer to public items outside the module. Even so, this doesn’t really tell me if I change a variable for Session #1 whether or not it also changes the variable for Session #2. I assume that it does but I am finding it hard to determine this just by reading the manual.

The manual has a lot of specific information and misses the salient overriding picture. I feel for you if your struggling against dot notation, because that’s not what you should be struggling with. Hopefully, Paul has a good video.

The dot notation is not a big deal. Getting a better understanding of what works within vs. across sessions is the main problem for me right now. I emailed Paul. Hopefully he can knock some sense into my head.

Anything in a module, regardless of scope is cross-session. Anything in App is cross-session. That’s all you need to know. Put your session-specific stuff in session or on the webpage.

Very succinct and helpful response. Thanks. I wish I had never used Modules but I liked the idea of not having to use the dot reference all the time.

It’s not as bad as I thought it would be moving all the stuff out of modules and into Session (or WebPages). The ability to search and replace is a major lifesaver in this process.