Storing connection info when using SAMP Web profile
thomas.boch at astro.unistra.fr
Thu Jan 26 02:56:02 PST 2012
Dear SAMP enthusiasts,
We are starting to test and study how we will implement (Web) SAMP on
the various CDS web pages.
While experimenting, we found out that having to re-register on each new
web page we open was not very user-friendly.
Thus, we developed some prototype code which stores the connection
information in a dedicated cookie. When the user browses in the same
session on a new web page, he doesn't have to register again, but
instead we re-use the existing connection.
A small demo should make this clearer :
- launch latest version of TOPCAT or any other tool supporting the Web
- load in your browser (with cookies enabled)
- click on Connect to SAMP
- click on Broadcast result table
- point now to http://cdsweb.u-strasbg.fr/~boch/websamp/samp2.html
You'll notice that the page is already connected to the hub, reusing the
existing connection, whose settings are stored in a cookie
We would like to gather your comments, and in particular your thoughts on:
- potential security threats due to storing the connection in a cookie
- section 5.3 of the SAMP document states that [a client must]
"unregister when no further SAMP activity is required, either because
the user requests disconnection or on page unload or a similar event."
In our prototype, we do not unregister when we leave a page, so that we
can reuse the same connection to the hub. Is that a problem ?
On the technical side, we used the samp.js class provided by Mark
Taylor, and made a small change to make visible the Connection field.
The storage of the connection info could also be integrated directly in
the samp.js code.
Mark : if you find this idea interesting, what would you think about
directly integrating this capability into samp.js ?
Thomas & Grégory
More information about the apps-samp