I've got an application that sort of looks like this: def _fooLogin(self, u, p): if self.SQLTestLogin(u=u, p=p): self.REQUEST.SESSION.set('_loggedin', self.SQLUserFoo(u)) return 1 return 0 def mylogin(self, u, p): if self._fooLogin(u, p): return str(self.REQUEST.SESSION.id) Then in another context but under the same zope instance, this id that mylogin() returns will be passed to another method. That other method should try to get the session object back if not expired. How do I do that? I was hoping for something like this:: def getMyGirlfriends(self, sessionid): session = self.GetSessionById(sessionid) if session.get('_loggedin'): return ... Does anybody know how to do this? Is it even possible? Are there better methods to approach this with? -- Peter Bengtsson, http://www.peterbe.com
Peter Bengtsson wrote at 2004-10-20 16:38 +0100:
.... return str(self.REQUEST.SESSION.id)
Then in another context but under the same zope instance, this id that mylogin() returns will be passed to another method. That other method should try to get the session object back if not expired. How do I do that?
You use methods of "Products.Transience.Transience.TransientObjectContainer" on the instance at "temp_folder/session_data" (this is the "TransientObjectContainer" used for sessions -- until you change the configuration). Of course, the relevant methods are private (you should not look into sessions of other persons). Thus, you can use them only from trusted code... -- Dieter
I see. It's not the session id I'm after, it's the browser hook id that looks like this: 28010048A1iovKNvhGY I want to use SESSIONs in XML-RPC. I thought reading this advice from Jim Washington ( http://mail.zope.org/pipermail/zope/2004-August/152576.html) would solve all my problems but it didn't work. Have only tested in Zope2.6.2. It appears the session_id_manager keeps generating new browser id's instead of letting me reuse the one I have an id for. I've tried the following code in the method that takes the session browser id for a parameter:: print _zopeid self.REQUEST.set('_ZopeId', _zopeid) print self.REQUEST.SESSION But the result is stupidly:: 35536076A1ioxSHjfMw id: 10983612680251881408, token: 77363729A1ioxSI7RwA, contents: [] I've also tried:: print sessionid self.REQUEST.SESSION.getBrowserIdManager().setBrowserIdCookieByForce(sessionid) print self.REQUEST.SESSION But again the result is:: 60658721A1iox6BFVt0 id: 10983614170647928785, token: 47355912A1iox6CjhWY, contents: [] What can I do with this browser id hook to get my session object back? On Wed, 20 Oct 2004 20:32:36 +0200, Dieter Maurer <dieter@handshake.de> wrote:
Peter Bengtsson wrote at 2004-10-20 16:38 +0100:
.... return str(self.REQUEST.SESSION.id)
Then in another context but under the same zope instance, this id that mylogin() returns will be passed to another method. That other method should try to get the session object back if not expired. How do I do that?
You use methods of "Products.Transience.Transience.TransientObjectContainer" on the instance at "temp_folder/session_data" (this is the "TransientObjectContainer" used for sessions -- until you change the configuration).
Of course, the relevant methods are private (you should not look into sessions of other persons). Thus, you can use them only from trusted code...
-- Dieter
-- Peter Bengtsson, http://www.peterbe.com
Peter Bengtsson wrote at 2004-10-21 13:25 +0100:
... It appears the session_id_manager keeps generating new browser id's instead of letting me reuse the one I have an id for.
You can reuse your session id provided you offer it in a way understood by the browser id manager. By default, the browser id manager looks for it in "REQUEST.form" and "REQUEST.cookies". It can be configured to also look in the URL. Note that the browser id manager decides about the id very early in the request -- before traversal is finished. This essentially means that the id must already be present in the request itself -- you cannot provide it later (after traversal is complete). If you really need to set it later, you can modify the "REQUEST" attribute the browser id manager stores the id in (look at the code to find out). Of course, this too is protected -- only trusted code can do it... -- Dieter
Thank you very much Dieter. Setting it in REQUEST.form like this on the first line: self.REQUEST.form['_ZopeId'] = browserid ...did the trick! Great! On Thu, 21 Oct 2004 20:13:02 +0200, Dieter Maurer <dieter@handshake.de> wrote:
Peter Bengtsson wrote at 2004-10-21 13:25 +0100:
... It appears the session_id_manager keeps generating new browser id's instead of letting me reuse the one I have an id for.
You can reuse your session id provided you offer it in a way understood by the browser id manager. By default, the browser id manager looks for it in "REQUEST.form" and "REQUEST.cookies". It can be configured to also look in the URL.
Note that the browser id manager decides about the id very early in the request -- before traversal is finished. This essentially means that the id must already be present in the request itself -- you cannot provide it later (after traversal is complete).
If you really need to set it later, you can modify the "REQUEST" attribute the browser id manager stores the id in (look at the code to find out). Of course, this too is protected -- only trusted code can do it...
-- Dieter
-- Peter Bengtsson, http://www.peterbe.com
participants (2)
-
Dieter Maurer -
Peter Bengtsson