At 1:23 pm +1000 13/9/99, Anthony Baxter wrote:
Rather than passing around lots and lots of data as hidden form fields all the time, I'm planning to extend Scott's Session object to support storing and retrieving of per-Session data.
Issues with this:
In a non-https environment, it would be rather easy to hijack a session by looking at a cache log. I could store the IP address, but this breaks many cache farms (where a session may come from different IP addresses... :(
Is it better to store this in an SQL database, or in the session object itself? I want this to be preserved in the case where Zope restarts, which means I can't just use _v_object type variables.
Storing it in the Session object itself means that the ZODB will grow at a stupid rate. Storing it in an SQL database means a bit of a performance hit.
Has anyone already implemented something like this?
Thoughts?
Anthony

A plug for my *old* language, PHP3, and its session library PHPLib. They did it using cookies and an SQL database, and I think that's the way to do it, rather than using the ZODB.

The PHPLib library is at: http://phplib.netuse.de/index.php3

hth
tone
------
Dr Tony McDonald, FMCC, Networked Learning Environments Project
http://nle.ncl.ac.uk/
The Medical School, Newcastle University
Tel: +44 191 222 5888
Fingerprint: 3450 876D FA41 B926 D3DD F8C3 F2D0 C3B9 8B38 18A2
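
Added example, not part of either message and not Zope or PHPLib code: a Python sketch of the cookie plus SQL database approach discussed in the thread, with per-session data kept server-side so it survives a restart. SQLite, the class and function names, and the cookie name zsid are assumptions chosen for illustration.

```python
import hashlib
import json
import secrets
import sqlite3
import time

class SqlSessionStore:  # hypothetical name, not Zope or PHPLib code
    def __init__(self, path=":memory:", ttl=1800):
        self.db = sqlite3.connect(path)  # a file path survives a server restart
        self.ttl = ttl
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS sessions ("
            "sid_hash TEXT PRIMARY KEY, data TEXT NOT NULL, expires REAL NOT NULL)")

    @staticmethod
    def _key(sid):
        # Only a hash of the id is stored, so a dump of the table cannot be replayed as cookies.
        return hashlib.sha256(sid.encode("utf-8")).hexdigest()

    def create(self, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG; unguessable
        self.db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
                        (self._key(sid), "{}", now + self.ttl))
        self.db.commit()
        return sid

    def load(self, sid, now=None):
        now = time.time() if now is None else now
        row = self.db.execute(
            "SELECT data FROM sessions WHERE sid_hash = ? AND expires > ?",
            (self._key(sid), now)).fetchone()
        return None if row is None else json.loads(row[0])

    def save(self, sid, data, now=None):
        now = time.time() if now is None else now
        cur = self.db.execute(
            "UPDATE sessions SET data = ?, expires = ? WHERE sid_hash = ? AND expires > ?",
            (json.dumps(data), now + self.ttl, self._key(sid), now))
        self.db.commit()
        return cur.rowcount == 1  # False: unknown or expired id, nothing written

def session_cookie(sid, https=True):
    # The cookie carries only the opaque id. Secure keeps it off plain-HTTP hops, where
    # caches could log it; HttpOnly hides it from page scripts.
    attrs = ["zsid=" + sid, "Path=/", "HttpOnly"]
    if https:
        attrs.append("Secure")
    return "; ".join(attrs)
```

Each save pushes the expiry forward by ttl seconds, so an id that does leak stops working once the session goes idle.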