Hi Folks, A new version of the Core Session Tracking product (the first one in six months!) has been released. Core Session Tracking is a Product which allows you to easily associate transient data with anonymous users. The product is available from http://www.zope.org/Members/mcdonc/Products/CoreSessionTracking. To upgrade from prior releases, just remove the "old" CoreSessionTracking product directory and install this one as per the install instructions in the help/CoreSessionTracking.stx document. A list of changes since the last version is: - Took advantage of securityinfo module and new BTrees modules. As a result, CST 0.9 is incompatible with releases of Zope prior to Zope 2.3.2. - Objects are now acquisition-unwrapped before being placed into session storage (thanks to Matt Hamilton) - A SessionData object's __setitem__ may now be called from a Python Script, it failed previously with a security error. - Fixed bug in SessionDataManager security assertions which made it impossible to change security parameters (thanks to Uwe C. Schroeder). - Fixed constructor number of parameter bugs (thanks to Chris Withers). - Fixed bugs that made isTokenFromForm, isTokenFromCookie, and isTokenNew methods virtually useless (thanks to Frank Tegtmeyer). - added flushTokenCookie method, which deletes the token cookie from the client browser with prejudice. This method is useful when you want to start out completely fresh with a different token. - Fixed bug which caused a "TypeError: loop over non-sequence" at startup under Zope 2.4.X in the Interfaces module which caused the product to not be initialized properly. (Thanks to Chris Withers and Joachim Werner). - Added multithread test cases to testSessionDataManager. - SessionFanout _getleaf method made more efficient by making allowed_hashes a dictionary (thanks to Anthony Baxter). - Added 'getName' alias to SessionData's 'getId' method for compatibility with code written for SQLSession (thanks to Anthony Baxter). - SessionDataContainer keys are now required to be strings (thanks to Anthony Baxter). - Added a new method to SessionDataManagers, "getSessionDataByKey", which provides a way to obtain an arbitrary session data object by feeding it a key (as opposed to getSessionData, which always obtained the session data object related to the current token). A user needs to possess a special permission to be able to do this. - Added conflict resolution to (RAM-based, internal) SessionStorage. - Made internal data container use "LowConflictConnection" class for its ZODB connections. This class operates differently than the standard Connection class because it doesn't raise "read" conflict errors. - Removed "AutoExpireMapping" class and merged its functionality into SessionDataContainer. - Removed "SessionFanout" module (unecessary because we're not trying to support pre-2.3.2 Zopes). - Refactored tests slightly. - Added SessioningPermissions and common modules. Thanks! -- Chris McDonough Zope Corporation http://www.zope.org http://www.zope.com "Killing hundreds of birds with thousands of stones"