How to manage several users in nitrogen/inets erlang

Question

I am building a simple web site for my family usage, using Nitrogen/Inets. The current version works as expected as long as I have a single client connected to the web server.

If I try to connect a new user, the 2 sessions seems to share the same state variables:

• browser 1: read the index page, click on connect, and login as user1.
• browser 2: read the index page, the user is user1 --> not OK - go to login and enter as user2. Seems ok.
• browser 1: reload the home page --> user changed to user2 --> very bad :o(

in addition I have included a display to show the timeout counter -> the values are synchronized on both browser.

Can you tell me what I must do to manage several users at the same time? the code i wrote is the following:

extract of index.erl

header() ->
% if the user is not defined, show in the header a button to connect, change the title and display a reduced menu (thanks to common module)
% if the user is defined, show in the header a button to disconnect, change the title and display a complete menu (thanks to common module)
    User = wf:user(),
    Msg = case User of
        undefined -> 
            "Pas connecté";
        User -> 
            "Welcome " ++ User
    end,
    case User of
        undefined -> 
            common:header(Msg, #button { id=dcnx, text="Connexion", postback=connexion , class = rightalign});
        User -> 
            common:header(Msg, #button { id=dcnx, text="Deconnexion", postback=deconnexion , class = rightalign})
    end.


body() ->
    #container_12 { body= #grid_8 { alpha=true, prefix=2, suffix=2, omega=true, body=inner_body(wf:user()) }}.

inner_body(User) -> 
    Msg = case User of
        undefined -> "Pas connecté";
        _ -> User ++ " home"
    end,
    [
        #h2{ text= Msg },
        #p{}
    ].

event(deconnexion) ->
    % a temporary popup just to display the user name and check the function call
    wf:wire(#alert { text="Bye bye " ++ wf:user() }), 
    wf:clear_session(), % erase the session information
    wf:redirect("index"); % redisplay the index page
event(connexion) ->
    wf:redirect_to_login("login");

event(E) -> common:event(E).

extract of login.erl:

body() ->
% the login requires a name and a password,
% checks that {name,password} exists 
        Body = [
            #label { text="Name" },
            #textbox { id=nameTextBox, next=passwordTextBox },

            #p{},  
            #label { text="Password" },
            #password { id=passwordTextBox, next=continueButton },

            #p{},  
            #button { id=continueButton, text="Continue", postback=continue }

    ], 
    wf:wire(continueButton, nameTextBox, #validate { validators=[
        #is_required { text="Obligatoire." },
        #custom { text="utilisateur invalide.", tag=tag_name, function=fun name_validator/2 }
    ]}),

    wf:wire(continueButton, passwordTextBox, #validate { validators=[
        #is_required { text="Obligatoire." },
        #custom { text="mot de passe incorrect.", tag=tag_password, function=fun password_validator/2 }
    ]}),

    Body.

event(continue) ->
    Name = wf:q(nameTextBox), % retreive the name
    wf:user(Name),  % define as user
    wf:role(admin,is_admin(Name)), % define role
    wf:session(logged,true), % define as logged
    wf:redirect_from_login("index"); % go back to the calling page or index if not defined

event(_) -> ok.

Answer 1

The session information is stored with a cookie as the key.

Are you opening the page in another window of the same browser, or are you opening a completely separate browser (IE, Chrome and Firefox)? If you're just opening another window or tab within the same browser, the cookie information is certainly going to be shared, leading to the effect you've described.

So make sure you're firing up two completely different browsers.

The code you've posted looks right - nothing stands out as sharing information across sessions.