Forum OpenACS Q&A: OpenACS Session Management

Posted by Code Warrior on
Could someone please point me to the documentation describing how OpenACS conducts session management?  I did a search but was not able to find anything relevant.  Thank you.
Posted by Don Baccus on
It's tied to security so you might want to start reading here:

https://openacs.org/doc/openacs-5-1/security-requirements.html

Posted by Code Warrior on
Thank you kindly, Don.
4: Re: Session Management (response to 1)
Posted by Code Warrior on
Why not create database accounts for each user and let the database handle access to information using group permissions?  Is this a viable solution?  Is it more/less work than just putting access information to fields in a table?  Which method is more secure?  Thanks.
5: Re: Session Management (response to 4)
Posted by Andrew Piskorski on
Um, because that's crazy?

First, "session management" on a web site has nearly nothing whatsoever to do with database accounts in Oracle; they're largely orthogonal concepts.

Second, say you wanted to give every single registered user his own Oracle account. openacs.org currently has 7,897 registered users. Some sites using OpenACS have 50,000+ registered users. I really, really doubt that Oracle accounts are designed for that. It probably wouldn't work, and even if it did, AFAICT there's no advantage whatsoever to doing it.

Oracle programmers sometimes talk about an Oracle "schema" when they mean an Oracle "user", because there is usually a one-to-one correspondence between the two. So if in doubt, substitute the word "schema" anywhere you see Oracle "user" or "account" and think about it that way. Does every individual user of a website need to define separate relational tables in his own database schema? No, of course not.

And while Oracle does have database accounts, I think PostgreSQL has no such thing, anyway.

David, I suggest you take a step back, and tell us about what problem you're actually trying to solve or understand, why you think "session management" is related to it, etc.

Posted by Don Baccus on
Also sharing content between users (as in forum threads, which would be really boring if you only saw your own posts).  If you made them visible by all users then you'd lose the protections you want...