N-tier multiuser application development

[JD]

Hi bobo,

No licensing issues or anything...

Ext JS is not free as far as I know. This is from Wikipedia

On 20 April 2008, Ext 2.1 was released under a new dual license which allowed the options of the full GPL 3.0 license or a commercial license.[10]

The change in license over time, from a permissive open source license to a restrictive dual license, caused controversy in the ExtJS user community.

I'm wary about rolling out an ExtPascal solution only to discover that the Ext JS license will choke me or my clients.

Are you really sure when you say there are no licensing issues?

[bobo]

Checking out  http://www.sencha.com/products/license-faq.php

I am not distributing extjs with my projects, the clients can download and extract extjs themselves on their web server as part of the installation process.

As for extending ExtJS functionality - that happens rarely by you -, usually someone already done it and you just download the extensions, etc. so it is already published.
In the rare cases you do new extensions (I never needed it) to ExtJS, you can publish those small individual javascript files (or collect them into one), publish them, it does not affect your FPC/Lazarus project at all.

As for ExtPascal, I don't need one additional layer between the client and my server app, I am not using it.
The current fpweb/FCL-web provided functions are perfectly sufficient.
Of course, using ExtJS directly means touching some JavaScript "things" but that should not be an issue for any serious developer, because it is really small with ExtJS, mostly giving values to properties only.

[JD]

Hi Bobo,

I thought using Ext JS in commercial applications required the purchase of a license. I'll check out the link for clarification.

Using Javascript is not an issue because I already work in Java (using Eclipse IDE). I've never tried fpweb/FCL-web because examples & documentation are hard to find. I tend to gravitate towards Java whenever I need a solution that makes extensive use of Internet technology.

This is the first time I'm trying to build something that big in FPC/Lazarus for a market that does not have the hardware to run Java apps. A case of market segmentation if you will.

So do you have examples of the use of fpweb/FCL-web and secondly can you make a diagram of the way you used it in the layers of your application for me.

Thanks

 

[bobo]

According to the linked ExtJS licensing FAQ, you have obligations to publish the ExtJS JavaScript code that YOU have modified AND(!) you are distributing it. So, in-house projects are excluded by default, as well as all extensions you have downloaded from the Internet - since those are already published back to the community. As I've noted, I never needed to extend ExtJS so far, always found that someone else did what I needed already.
Either case, it does not affect your FPC/Lazarus project parts.

True, that FPC/Lazarus fpweb/FCL-web documentation is not abundant - not surprising, considering that the latest ExtJS functionality is only in the 2.5.1 branch of FPC and only in the trunk of Lazarus, both from SVN sources, obviously - , but there are some - trivial - examples and demos available to get you over the first few bumps.
For the core Lazarus components you can find demos under
...your Lazarus dir.../components/fpweb/demo
(sessions, how to use templates, etc.)

and for the core FCL parts you can find some demos under
...your FPC dir.../packages/fcl-web/examples
(extjs, json, etc., I'd look at the webdata mini-demos there)

And there are the FPC and Lazarus mailing lists where you can ask your questions from the community or the developers themselves.

[jl]

Hi bobo, this is interesting, by the way, is your web app multi-user?  If so, how are you implementing the multi-logon sessions?

True, that FPC/Lazarus fpweb/FCL-web documentation is not abundant - not surprising, considering that the latest ExtJS functionality is only in the 2.5.1 branch of FPC and only in the trunk of Lazarus, both from SVN sources, obviously - , but there are some - trivial - examples and demos available to get you over the first few bumps.
For the core Lazarus components you can find demos under
...your Lazarus dir.../components/fpweb/demo
(sessions, how to use templates, etc.)

and for the core FCL parts you can find some demos under
...your FPC dir.../packages/fcl-web/examples
(extjs, json, etc., I'd look at the webdata mini-demos there)

And there are the FPC and Lazarus mailing lists where you can ask your questions from the community or the developers themselves.

[bobo]

For web applications I have used both cookie sessions and URL sessions (and posted the basic examples of them in the fpweb fptemplate examples above) in different projects depending on the need.
I store the user login/pwd data in a table and assign a unique session id to the web clients after login. That session id is used throughout their communication with the web application until they log out or their session expires.
The session id is either in a cookie (cookie sessions) or embedded in every link (encrypted usually) on the response pages, so any following server calls will pass them to the server side CGI/FCGI/Apache_module back-end app therefore identifying the user that has logged in earlier.

If not web pages are used, and the communication is stateless, then you still need some kind of session id to identify the people and only give the clients data they can access.

For native client/server apps, you do not need sessions because the client application just directly can access the back-end server database (VPN or secure tunnel over tcp/ip, etc.), or calls functions there to get data back (the client is not stateless). Usually in these cases the client does the authentication at least at start.

AB

[jl]

Thanks for explaining.  Does session work the same for ExtJS?  Note: I still haven't got the chance to work on the demos as I'm still stuck at compiling Laz with FPC 2.5.1.   

Chanced upon this article on session with ExtJS - http://ffzhuang.blogspot.com/2007/12/ajax-based-extjs-authentication.html

It mentions "The HTTP stack in the browser maintains the sessionid for each successive invocation to the web server that it's talking to and ONLY for that web server. As long as the browser is running, the sessionid is maintained. Once the browser goes away, the sessionid goes away with it. There are known session hijacking hacks out there, but they can be averted by providing a bit more information within the variables attached to the sessionid on the server."

This seems quite different from cookies or sessionid embedded in link.

For web applications I have used both cookie sessions and URL sessions (and posted the basic examples of them in the fpweb fptemplate examples above) in different projects depending on the need.
I store the user login/pwd data in a table and assign a unique session id to the web clients after login. That session id is used throughout their communication with the web application until they log out or their session expires.
The session id is either in a cookie (cookie sessions) or embedded in every link (encrypted usually) on the response pages, so any following server calls will pass them to the server side CGI/FCGI/Apache_module back-end app therefore identifying the user that has logged in earlier.

[bobo]

Well, I did not read the link you put there, but from the quote you provided, it is the same session cookie that fpweb has built in. Those also go away after the browser is closed, therefore closing the session on the client side due to destroying the cookie there, so no request will come to the server from then on from any client for that session id.

As for "URL sessions", those are totally handled from server side, so either a log-out action or time-out is the way to exit/destroy a session.

What I do with ExtJS is to have an additional "KeepAlive" action available on the server side that refreshes the session time-out clock on the server in case the user spends a lot of time client side actively without communicating to the server.
Every now and then, from the ExtJS client this action is called on the server, therefore refreshing the session there (ex: every time the user clicks on a grid cell but 5 minutes hasn't been passed since the last keepalive call, etc.).

AB