HI
I am planning to use the Velocity WebClient service to provide JSON data to a number of mobile clients (around 8000). They will periodically login to the service to get updates on work and to post hours. On this basis this is mainly a mobile app and I was considering how best to handle the client security as sessions and login in each time would be a difficult/annoying. The issues:
1) login in each time you access a site is hard/annoying/fiddly
2) IF the login details are stored on the device much the same as you would a native app they could be passed with each request
3) The server would have an https socket so the passing of U/P would be OK AND they are know to the user anyway
4) Servoy/velocity are both more than capable in performance terms to take this extra query
5) IF the device is lost a) there is no really critical data in the app and b) that is a user management issue perhaps sensibly protected using a pin
6) The site owner will be able to kill user logins in an emergency and that would block the device immediately
Look forward to your options and any thing I may have overlooked
regards
Gordon
Velocity Webclient
2 posts
• Page 1 of 1
Re: Velocity Webclient
by ptalbot » Mon Jun 10, 2013 3:32 pm
In Velocity you could use the "session" mode so you would have stateful sessions, but this means that you would have as many headless clients (and need as many licenses) as you have http clients, so with the number of clients you cite here (8000 - are they concurrent users?) this would overload the server.
So your best option with that number of client is using a pool so that the load is distributed over a limited number of headless clients, but these clients are going to be stateless.
In that case, yes, you would need to store the user's credentials on the device and send them with each request.
What could be done also is to use the http sessionID as an identifier and store that identifier on the database in a 'session' table where you could store all sorts of client's information.
You would need a process (a batch) that would clean up that table at regular intervals to get rid of timed out sessions.
So your best option with that number of client is using a pool so that the load is distributed over a limited number of headless clients, but these clients are going to be stateless.
In that case, yes, you would need to store the user's credentials on the device and send them with each request.
What could be done also is to use the http sessionID as an identifier and store that identifier on the database in a 'session' table where you could store all sorts of client's information.
You would need a process (a batch) that would clean up that table at regular intervals to get rid of timed out sessions.
Patrick Talbot
Freelance - Open Source - Servoy Valued Professional
https://www.servoyforge.net
Velocity rules! If you don't use it, you don't know what you're missing!
Freelance - Open Source - Servoy Valued Professional
https://www.servoyforge.net
Velocity rules! If you don't use it, you don't know what you're missing!
-
ptalbot - Posts: 1654
- Joined: Wed Mar 11, 2009 5:13 am
- Location: Montreal, QC
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 19 guests