Pavlos Christoforou wrote
Here lies the major difference between FSSession and SQLSession. FSSession does not insert the session object in the REQUEST object. It loads the session info into temporary variables in the object. Is there a reason to insert the session object in the REQUEST variable? I can change it if there is a good reason.
I'm not sure I understand what you mean by 'loads the session values into temporary variables in the object'. The rationale behind having REQUEST.SESSION was to make it behave in a way similar to RESPONSE. I explicitly did _not_ want to have session variables automatically looked up, or stored - this seemed to me to be an error prone way to go. I also dislike things that stomp all over my global namespace, and pulling all session values out seemed too much like 'from foo import *' to me.
SESSION API: SESSION.getName() - returns the session id of the current session.
Ok I will add it. Right now the SessionUID is inserted in the REQUEST object.
I could add that as well, I guess - but I prefer having all of the session values inside REQUEST.SESSION.
Query: should it also support __getattr__ ? I've resisted it so far as I don't think so. If users ask for it then we can add it, but I will agree it is not really neccessary.
I've had (I think) two requests for it. The other reason for not adding it is that if people get comfortable using it, they then get bitten by the whole SESSION['a-b-c'] != SESSION.a-b-c (a-b-c is not a valid python variable name).
I think one useful method is one that returns a URL including the SessionUID if client does not support cookies or the URL if it does (BTW what is the best way of detecting whether the client supports cookies?) Here is the implementation in FSSession:
Hm - I've thought about this, but haven't come up with an authoritative (if that's the right term) way to deal with it. One way I've thought to do it is to make the first form submit have a hidden field called something like '_this_form_should_send_in_a_cookie_called_foo', then check the next page for a cookie called 'foo'. If it's not there, stuff 'foo' into the URL. I'd like to avoid putting the session in the URL by default, tho. Anthony -- Anthony Baxter <anthony@interlink.com.au> It's never too late to have a happy childhood.