Hi... I'd like to keep authentication values persistent in a session, so that authentication values can be visible while accessing non protected documents or methods. I tried to do this in a Python script : request = context.REQUEST session = request['SESSION'] session['AUTHENTICATED_USER'] = request['AUTHENTICATED_USER'] but then I receive an error message : Error Type: UnpickleableError Error Value: Cannot pickle objects So what's the best way to keep track of these authentication values ?? (I'm currently using Zope-2.5.1) Thanks, Thierry -- Linux every day, keeps Dr Watson away... http://gpc.tuxfamily.org -- http://www.ulthar.net
Thierry Florac writes:
I'd like to keep authentication values persistent in a session, so that authentication values can be visible while accessing non protected documents or methods. I tried to do this in a Python script :
request = context.REQUEST session = request['SESSION'] session['AUTHENTICATED_USER'] = request['AUTHENTICATED_USER']
but then I receive an error message : Error Type: UnpickleableError Error Value: Cannot pickle objects "request['AUTHENTICATED_USER']" is a complex object which cannot be stored inside ZODB.
When you want to store the user name, use "request['AUTHENTICATED_USER'].getUserName()". Dieter
On Tue, 2002-07-09 at 19:10, Dieter Maurer wrote:
Thierry Florac writes:
I'd like to keep authentication values persistent in a session, so that authentication values can be visible while accessing non protected documents or methods. I tried to do this in a Python script :
request = context.REQUEST session = request['SESSION'] session['AUTHENTICATED_USER'] = request['AUTHENTICATED_USER']
but then I receive an error message : Error Type: UnpickleableError Error Value: Cannot pickle objects "request['AUTHENTICATED_USER']" is a complex object which cannot be stored inside ZODB.
When you want to store the user name, use "request['AUTHENTICATED_USER'].getUserName()".
I've finally decided to try the ZSession product, which can store complex objects like AuthenticatedUser. It seems to work as specified above... My only problem now is that I can do : - a "login" method, prohibited to anonymous users, which can do "zsession.set ('AUTHENTICATED_USER', request['AUTHENTICATED_USER'])" => OK - a "logout" method, which can do "zsession.delete ('AUTHENTICATED_USER')" => OK But if a user do a login/logout and login again, authentication dialog is shown only on the first login ; on the second one, previous authentication is send by the navigator automatically, so that the user can't login with a different user name without exiting completely from his navigator. How could I handle this ??? Is it possible to remove all authentication informations from the navigator without displaying any error message ??? Thanks, Thierry
Thierry Florac writes:
... "request['AUTHENTICATED_USER']" is a complex object which cannot be stored inside ZODB. ... I've finally decided to try the ZSession product, which can store complex objects like AuthenticatedUser. It seems to work as specified above... Be very careful, when you store persistent objects in any cache (a session belongs to this type)!
They have an implicit reference to a ZODB connection. This reference is valid only during the current request. You may get all sorts of weird errors when the object later tries to use this reference. I spend days to locate such an error. It appears as if Zope were non-deterministically crashing, telling me that "None" does not have attributes, oid being invalid and objects being referenced from outside a connection... Dieter
On Wed, 2002-07-10 at 18:47, Dieter Maurer wrote:
Thierry Florac writes:
... "request['AUTHENTICATED_USER']" is a complex object which cannot be stored inside ZODB. ... I've finally decided to try the ZSession product, which can store complex objects like AuthenticatedUser. It seems to work as specified above... Be very careful, when you store persistent objects in any cache (a session belongs to this type)!
They have an implicit reference to a ZODB connection. This reference is valid only during the current request. You may get all sorts of weird errors when the object later tries to use this reference.
I spend days to locate such an error. It appears as if Zope were non-deterministically crashing, telling me that "None" does not have attributes, oid being invalid and objects being referenced from outside a connection...
Perhaps I'm wrong, but I think that ZSession keep sessions properties in memory, and don't store them in ZODB. These sessions are cleared from memory after a given timeout (20 minutes by default). Should that be enough to prevent me from the problem you specify above ?? Thierry
Thierry Florac writes:
Be very careful, when you store persistent objects in any cache (a session belongs to this type)! .... Perhaps I'm wrong, but I think that ZSession keep sessions properties in memory, and don't store them in ZODB. As you found out, trying to store them in ZODB results in a "Cannot pickle" exception.
This means, you are right. Nevertheless, when a different Zope request accesses the object (stored in memory) that has been created by a different ZODB connection, then all kinds of weird errors can happen. When you do not believe me, go ahead -- until they start to occur... Dieter
participants (2)
-
Dieter Maurer -
Thierry Florac