core session tracking and zope 2.5 integration
Chris - I'm not sure of your plans for integrating core session tracking with zope 2.5. This may be obvious to you but I just realized today how I would really like to use core session tracking. I haven't yet investigated the feasability of an implementation. However, it would be nice to have 3 out-of-the-box choices for acl_users folders: - the current acl_users folder - a new acl_users folder with core session tracking support (ram-based storage) - a new acl_users folder with core session tracking support (possibly mounted zeo client storage) The core session tracking based acl_users folders would hide all of the details of installing and setting up the current core session tracking product. By combining this with something like the cookie crumbler, password-less users authenticated only by session key (user name equal to the session key) could be automatically created and expired when the session expires. The session data could also simply hang off of the authenticated user object and default roles (or no roles at all) could be assigned at the user's creation time. The session based acl_users folder would behave the same as the current acl_users folder for users whose expiration time is NONE or less than zero. In essence, it would be really helpful to make the core session tracking product as easy to use (and install) as the REQUEST object. I need to elaborate more on my thoughts but I thought it would be worthwhile to ask if something like this is already in the works before I spend too much investigating how to implement such a acl_user folder. thanks, - joe n. -- norton@alum.mit.edu +81-3-3823-5757 2-10-7 Tabata, Kita-ku, Tokyo 114-0014, Japan 〒114-0014 東京都北区田端2丁目10-7
Joseph, Sorry about not getting back sooner on this... it's been a long time.
I haven't yet investigated the feasability of an implementation. However, it would be nice to have 3 out-of-the-box choices for acl_users folders:
- the current acl_users folder
- a new acl_users folder with core session tracking support (ram-based storage)
- a new acl_users folder with core session tracking support (possibly mounted zeo client storage)
The core session tracking based acl_users folders would hide all of the details of installing and setting up the current core session tracking product. By combining this with something like the cookie crumbler, password-less users authenticated only by session key (user name equal to the session key) could be automatically created and expired when the session expires. The session data could also simply hang off of the authenticated user object and default roles (or no roles at all) could be assigned at the user's creation time. The session based acl_users folder would behave the same as the current acl_users folder for users whose expiration time is NONE or less than zero.
Well, this sounds interesting. I think it would be possible to create such a thing using CST, I'd be interested in seeing an implementation based around the current CST to "work the kinks out". Somehow sessioning seems to always get wrapped up in peoples' minds with authentication, but I see the two things as independent of one another. This could be a bridge between them.
In essence, it would be really helpful to make the core session tracking product as easy to use (and install) as the REQUEST object.
Agreed... we are fighting about this at the moment.
I need to elaborate more on my thoughts but I thought it would be worthwhile to ask if something like this is already in the works before I spend too much investigating how to implement such a acl_user folder.
No, nothing like this in the works. It'd be pretty neat to see something like it, at least as "proof of concept"... Thanks and sorry for the ridiculous delay, - C
Chris - Thanks for your response. I had already put together a prototype since my first mail to you on this subject and just completed integration with version 0.9. I have placed a tar bundle at the following url: http://www.zope.org/Members/natsukashi/Prototypes/CoreSessionUserFolder.tgz or link via zope.org home page http://www.zope.org/Members/natsukashi/ with a bundled example (stest_internal.zexp). Please make sure that you read both of the README.txt files. bash$ tar --exclude CVS -cvzf CoreSessionUserFolder.tgz CoreSessionUserFolder CoreSessionUserFolder/ CoreSessionUserFolder/__init__.py CoreSessionUserFolder/User.py CoreSessionUserFolder/images/ CoreSessionUserFolder/images/UserFolder_icon.gif CoreSessionUserFolder/help/ CoreSessionUserFolder/refresh.txt CoreSessionUserFolder/patches/ CoreSessionUserFolder/patches/README.txt CoreSessionUserFolder/patches/CMFCore-CookieCrumbler-p1.txt CoreSessionUserFolder/patches/CoreSessionTracking0-9-p1.txt CoreSessionUserFolder/patches/zope-2.4.1-absolute_url-p1.txt CoreSessionUserFolder/SessionIdManager.py CoreSessionUserFolder/import/ CoreSessionUserFolder/import/README.txt CoreSessionUserFolder/import/stest_internal.zexp It is far from perfect but just a proof of concept. This approach would also benefit from the encrypted user password support (I believe). Please take a look and provide some feedback. thanks, - joe At Sat, 6 Oct 2001 02:04:49 -0400, Chris McDonough wrote:
I need to elaborate more on my thoughts but I thought it would be worthwhile to ask if something like this is already in the works before I spend too much investigating how to implement such a acl_user folder.
No, nothing like this in the works. It'd be pretty neat to see something like it, at least as "proof of concept"...
Correction ... http://www.zope.org/Members/natsukashi/index.html http://www.zope.org/Members/natsukashi/index_html is not able to be found on www.zope.org. At Tue, 09 Oct 2001 12:35:08 +0900,
http://www.zope.org/Members/natsukashi/Prototypes/CoreSessionUserFolder.tgz
or link via zope.org home page
participants (2)
-
Chris McDonough -
Joseph Wayne Norton