- Server should use a deterministic method to timeout sessions. cron jobs are good. These should be lightening fast. See other posts in this blog. These timeouts address the situation where the user closes the browser and walks away without logging out.
- Logging out should force session cleanup. If temporary files are not security risks they can be removed by a different cron job.
- Temporary file cleanup can be performed less frequently, unless this would compromise sensitive data. cron jobs are good.
- AJAX controls may fail to execute properly if authentication is required for delivery. Pinging the server to check for session timeouts can limit user frustration when a page doesn’t function due to a session timeout. It may be difficult or prohibitive to attach error trapping to all the AJAX controls in an application. Another options is to cache the control content, but that may be impossible if it is truly dynamic.
- Ping requests may update the session file timestamp. A ping count can be used on the server side to differentiate between ping requests and user-initiated requests. After a certain number of ping requests, the server can time out the session. AJAX and page (HTML) user-initiated requests should clear the ping count.
- Users should be alerted gracefully of timeouts.
Each step ends with place in version control, submit for review, evaluate review responses and apply them as appropriate..
- Define the page architecture, common page elements first. These must be stable before beginning.
- Build page level XHTML/CSS for all pages, target browser FireFox, with only enough back end code to deliver the pages. Use static server-side content to populate dynamic controls/queries for illustration. Create data in the database to support it. Validate the XHTML/CSS as well as possible (some libraries have proprietary attributes).
- If common components are identified in the previous step, they should be constructed reusable/shared components. For example, a file upload or search results dialog box will probably be used in more than one place. Both client and server-side code should address this to avoid duplicate code.
- Tune colors.
- Define and implement client-side functionality, allowing content to be delivered through AJAX, navigation, any dynamic operations.
- Implement client-side validation.
- Extend pages to run under any other browsers you will be supporting. Clearly indicate limitations, such as will function but may not display well. Provide notification for users of unsupported browsers.
- Integrate and implement server-side validation. It should be identical to client-side validation, with addition considerations for security.
- Implement page level functionality.
- Test, test, test.
The registration for the domain name know-waste.com expired, the credit card number had changed, and the most cost-effective solution is to run this blog as a subdomain.
- Web sites
- Live support
- Social networking / web 2.0
- RSS / aggregation
- Internet Marketing
- Application development, including RIAs
- email management
- Server management
- Toolkit / Framework development
- Technical support
- Product support
- Open source customization
- Content Delivery Networks
If you don’t have web stats running on your server, but you’d like to see who is visiting the pages, the following lines can be used.
The first line extracts the requesting IP addresses, sorts them, and then removes any duplicates. The second can be used to get the hostname for the IP address, if it is available.