Brad Clements wrote:
I thought request.SESSION was the Session Data Manager, on which I would call getSessionData(create=0)
Gotcha.
If you put the session data object into REQUEST, then it will always be created and you can't control it's creation with the session API.. right?
Well, you can still do it the hard way by acquiring a session_data_manager and calling getSessionData on it as is the norm for CST. This still works. It's probably easier to use the REQUEST-based API. If you use the REQUEST-based API, the session isn't actually created until you access the name "SESSION" in the request, at which point a session is either looked up or created. REQUEST.SESSION is populated lazily, in other words. REQUEST.SESSION is always available for use but it's only populated with an actual session data object the first time you use it.
Looks like I've made a mistake, though its very strange that it ever worked at all.
maybe changing the session-add.stx file to say "session DATA object" rather than "session object" would be helpful.
Yes, you're right. -- Chris McDonough Zope Corporation http://www.zope.org http://www.zope.com "Killing hundreds of birds with thousands of stones"