I would like to Uniquely identify each window or tab controlled by the Service Worker,
I've read about clienId and the only way I figured I can achieve its value is by FetchEvent:
https://developer.mozilla.org/en-US/docs/Web/API/FetchEvent/clientId
As far as i think about it, each client should have clientId assigned on registration, so I'm sure there must be a way to get it immediately after registration "then" function and just didn't figure out how,
thanks for helping :)
Related
I have an application in which there are users, issuers, certificates and issues. users are the basic account, and issuers are the upgraded accounts who are able to distribute certificates to users. And distributing of certificates are called issues. The app uses postgres 14.4.
There is something called 'passive issue' in the application, which refers to issue of a certificate to a user that is not yet registered. Passive issue executes a transaction as follows:
check if user exists, if it does ignore it, if it does not, continue
create a passive issue which has awaiting register status
and then when that user actually registers, a trigger fires and updates the issue status.
The problem is that, after checking if user exists, and it does not, but right at that moment the user creates the account, and we try to passive issue, it will throw an error saying user already exists.
There are 2 possible approaches to solve this you might have thought so far:
just catch and check the error and redirect it to normal issuing path rather than passive issue within the api itself
return the error and let client retry the request by sending a request to normal issue path
The problem with above solutions:
It can not be done. Simply because this application uses blockchain, and normal issue endpoint requires the signature of the issuer. Passive issue is specifically implemented to be sent without a signature, and signature is generated on the client-side. And sending the private key to api is NOT even a possibility due to security concerns.
This is possible. This way the client will be noticed that this account registered, and it can prepare the signature and directly send a request to normal issue api. But it requires a longer and more complex implementation with retry logic etc.
And what I think would be the most neat solution in my case is such a scenario of passive issue:
check if user exists, and if it doesn't, lock the insert into the user table for that specific email ONLY
create passive issues for those accounts with await registration status (tx committed at this point and lock is released)
now even if the user tried to register in the middle, it will wait until issues are created and then user will be registered, and then trigger will fire, and since there are passive issues on this user now, it will update them.
So... Long story short: is there a way to put a lock on insertion of non-existing rows? And if there is, is it more feasible than the 2nd or any other possible solution?
I was asked to address "Simultaneous Session Logons" problem in AEM (https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Simultaneous_Session_Logons).
I'm looking for a ready solution in OAK for preventing a user account being logged multiple times at once.
I found, that user token are created under "/home/users/c/[user_hash]/.tokens" path, so I was thinking about making a listener that would remove old token if new is created, but I cannot believe that OAK isn't allowing to set up this in some simple way.
I've checked Oak's website but couldn't find anything on that topic. Also searching on google is not helping.
If you have any idea if this can be done in another way than with the mentioned listener, then please share it with me. If you think, that this shouldn't be done, because of some Oak's mechanisms that I might be not aware of, then please warn me.
At some point in the dialogue it may happen that there are no questions asked by the user, and it is necessary for the system to react to the user through a message. How to do this?
Conversation is stateless. So you need to handle this at the application layer. You would have the application layer after a set time send a message to conversation to get it to respond.
It's a conversation service, so the idea is to respond to user input. As Simon has mentioned, it needs to be handled by the application. Let's say the user doesn't type anything for a certain time, so application should be making a call to Conversation Service after that time interval with a specific text for No response intent that can trigger the node that you have designed for #No_Response. The response from this node can then be shown back to the user.
I am developing a small REST API. As I got into analyzing all the possible failure scenarios, which I have to handle to create a reliable and stable system, I went into thinking about how to make my APIs atomic.
If we take a simple case of creating a contact through the POST API.
The server gets the POST request for the new contact.
Creates the contact in the DB.
Creates a response to send back to the client.
The server crashes before sending the response.
The client gets a timeout error (or connection refused?)
The client is bound to think that the contact creation has failed, though, in fact, the contact was in the DB.
Is this a rare case we can ignore? How do big companies deal with such an issue?
To handle this, you should make your write APIs idempotent i.e. If the same operation is executed multiple times, the result should be same as the operation was done only once.
To achieve this in your current example, you need to be able to identify a contact uniquely based on some parameter, say emailAddress. So, if the createContact is called again with the same emailAddress, check in the DB if a contact already exists with the emailAddress. If so, return the existing contact. Else, create a new contact with the emailAddress and return it.
Hope this helps.
If the request times out, the client should not make any assumption about whether it failed or succeeded.
If it is just a user making a request from a web form, then the timeout should just be exposed to the user, and they can hit the back button and check whether the operation succeeded or not, and if not they submit the request again. (This is fine as long as you always keep a consistent state. If your operation has multiple steps and fails mid way, you need to roll back.)
However if reliable messaging is important to your application you will have to use a library or build your own reliable messaging layer. This could work by having the client assign a unique ID to every request, and having another request that lets you check the result of that request ID later. Then you can do automated retries but only where necessary.
Just was wondering how to go about requesting a user to sign up to continue to use some of my website functionality after lets say 5 requests.
How do I do this? I basically have a rest api with a browser front end. The user may click on the link and perform lets say 5-10 free GET requests but I want to somehow keep track of the user and count the number of requests, and then ask the user to register to continue.
Would I need to store the User IP Address somewhere and keep track? How would I do this?
Any tips much appreciated.
You can use the IP address or cookies but both can be circumvented. If you really want to lock it down you may want to require an immediate registration or offer a reduced feature set until people register.