On Thu, 2005-10-13 at 00:26 +0200, Gaute Amundsen wrote:
Well, I know that ther might easily be "login less" sessions, but, is it possible to log have "session less" logins?
Yes. In fact, this is the default for Zope "out of the box". Zope's default user folder uses HTTP basic authentication, which doesn't require sessions at all. Ditto for applications that use CookieCrumbler or user folder implementations that use cookies to store credentials. Zope does not create a session for every user by default, just because not all applications require sessions. It's up to the programmer to create use sessions. Usually this just means putting a mention of REQUEST.SESSION in one or more of your scripts or views.
The first case would not be a problem. I expect one could easily detect the lack of userdata, and skip altering the session, and in that case would not an addScript let me solve this without resort to external methods, or product code?
addScript... sure, doing it this way is likely easy for any given application. It just can't be solved generally for all applications because there's no easily-overrideable "do this at login time" hook built in to "stock" Zope (although there are definitely hooks for this in PAS and probably in exUserFolder too). - C