I can vote for CST. I've used it for 3 months now in the prior version (just upgraded today) for an online shop. It works much better than what we used before SQLSession (had it for about 9 months) and seems lighter. We also started having problems that somehow the SQLSession had weird transaction management of its own and it would stall my database. I'm sure its my fault somewhere, but moving to CST was a faster solution it turned out. I note in my logs that people who refuse the cookie will jump sessions per request (though same in SQLSes), but seems to maintain all session data that I use for the whole site workings. It becomes very usefull for securing writes to a database and applying logic to data operations. You can gate applications easily with session switches used in the dtml. It can only be accessed by the session and no request (unless you want it) can affect its value. I enforce all of my sessions again in SQL (why I liked SQL Session so much) so I can do checks against IP to ensure authenticity. Our site is at http://www.oratrix.com please feel free to check it out. We are also a python based shop for SMIL. Regards and good luck, Paul Zwarts -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of Schmidt, Allen J. Sent: Friday, October 05, 2001 1:56 PM To: 'chrism@zope.com' Cc: 'zope@zope.org' Subject: RE: [Zope] Core Session Tracking 0.9 Released I HATE OUTLOOK (sometimes...) Silesion is the spell-checked replacement for SQLSession... Hey Chris, We have just started using SQLSession recently and will soon be using Sessions from it site-wide. It was dirt easy to setup and start using. Can you offer any comparisons to it and CST inn terms of ease of installation, use, management, etc.? It would be nice to see the comparisons from an expert before we dive into SQLSession big time! I would hate to have to redo it all 6 months down the road. ANYTHING you or anyone else can offer on this topic or on using Zope Sessions is MUCH appreciated! Thanks Allen -----Original Message----- From: Chris McDonough [mailto:chrism@digicool.com] Sent: Friday, October 05, 2001 2:31 AM To: zope@zope.org; zope-announce@zope.org Subject: [Zope] Core Session Tracking 0.9 Released Hi Folks, A new version of the Core Session Tracking product (the first one in six months!) has been released. Core Session Tracking is a Product which allows you to easily associate transient data with anonymous users. The product is available from http://www.zope.org/Members/mcdonc/Products/CoreSessionTracking. To upgrade from prior releases, just remove the "old" CoreSessionTracking product directory and install this one as per the install instructions in the help/CoreSessionTracking.stx document. A list of changes since the last version is: - Took advantage of securityinfo module and new BTrees modules. As a result, CST 0.9 is incompatible with releases of Zope prior to Zope 2.3.2. - Objects are now acquisition-unwrapped before being placed into session storage (thanks to Matt Hamilton) - A SessionData object's __setitem__ may now be called from a Python Script, it failed previously with a security error. - Fixed bug in SessionDataManager security assertions which made it impossible to change security parameters (thanks to Uwe C. Schroeder). - Fixed constructor number of parameter bugs (thanks to Chris Withers). - Fixed bugs that made isTokenFromForm, isTokenFromCookie, and isTokenNew methods virtually useless (thanks to Frank Tegtmeyer). - added flushTokenCookie method, which deletes the token cookie from the client browser with prejudice. This method is useful when you want to start out completely fresh with a different token. - Fixed bug which caused a "TypeError: loop over non-sequence" at startup under Zope 2.4.X in the Interfaces module which caused the product to not be initialized properly. (Thanks to Chris Withers and Joachim Werner). - Added multithread test cases to testSessionDataManager. - SessionFanout _getleaf method made more efficient by making allowed_hashes a dictionary (thanks to Anthony Baxter). - Added 'getName' alias to SessionData's 'getId' method for compatibility with code written for SQLSession (thanks to Anthony Baxter). - SessionDataContainer keys are now required to be strings (thanks to Anthony Baxter). - Added a new method to SessionDataManagers, "getSessionDataByKey", which provides a way to obtain an arbitrary session data object by feeding it a key (as opposed to getSessionData, which always obtained the session data object related to the current token). A user needs to possess a special permission to be able to do this. - Added conflict resolution to (RAM-based, internal) SessionStorage. - Made internal data container use "LowConflictConnection" class for its ZODB connections. This class operates differently than the standard Connection class because it doesn't raise "read" conflict errors. - Removed "AutoExpireMapping" class and merged its functionality into SessionDataContainer. - Removed "SessionFanout" module (unecessary because we're not trying to support pre-2.3.2 Zopes). - Refactored tests slightly. - Added SessioningPermissions and common modules. Thanks! -- Chris McDonough Zope Corporation http://www.zope.org http://www.zope.com "Killing hundreds of birds with thousands of stones" _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )