How to touch session_data without fingerprints???
Hallo, I want to transparently touch the session_data. When I call functions like REQUEST.SESSION.hasSessionData() or getSessionData(create=0) I create the new object in transient object container. Is there any way to avoid it and check if session object exists? Or if not - how to delete only my session object from container? I can use external functions if necessary. All the fuss is about counting logged users. I want to limit that number, and I do it by counting the number of session objects - already done. The problem is that I can't check the number without increasing it :( Maybe there is other way. Pawel Lewicki
You have found a bug. :-( What hasSessionData does is just return "not not getSessionData(create=0)" (which returns either 1 or 0 depending on whether getSessionData returns a session data object). The problem with this is that the "create" flag doesn't mean "dont create a session data object", it means "dont assign a browser id". If the user coming in already has a browser id cookie, a session data object will nonetheless be created as a result of hasSessionData. :-( A workaround for now is (maybe in an external method) to use the _hasSessionDataObject method of the session data manager, which takes a single parameter, "key". The key should be the user's browser id, which can be obtained by calling the getBrowserId method of the browser id manager with the parameter "create=0". If the user has no browser id, of course you can't call _hasSessionDataObject, and it's safe to assume that he has no session data object. I will fix this for 2.6 so that hasSessionData calls _hasSessionDataObject instead of getSessionData, thus avoiding the creation of a new session data object, but your workaround code will continue to work. Apologies for the screwup. Thanks, - C ----- Original Message ----- From: "Pawel Lewicki" <lewicki@provider.pl> To: <zope@zope.org> Sent: Thursday, July 18, 2002 10:43 PM Subject: [Zope] How to touch session_data without fingerprints???
Hallo, I want to transparently touch the session_data. When I call functions like REQUEST.SESSION.hasSessionData() or getSessionData(create=0) I create the new object in transient object container. Is there any way to avoid it and check if session object exists? Or if not - how to delete only my session object from container? I can use external functions if necessary. All the fuss is about counting logged users. I want to limit that number, and I do it by counting the number of session objects - already done. The problem is that I can't check the number without increasing it :( Maybe there is other way.
Pawel Lewicki
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
A fix has been checked in to the Zope trunk. ----- Original Message ----- From: "Chris McDonough" <chrism@zope.com> To: "Pawel Lewicki" <lewicki@provider.pl>; <zope@zope.org> Sent: Thursday, July 18, 2002 11:57 PM Subject: Re: [Zope] How to touch session_data without fingerprints???
You have found a bug. :-(
What hasSessionData does is just return "not not getSessionData(create=0)" (which returns either 1 or 0 depending on whether getSessionData returns a session data object).
The problem with this is that the "create" flag doesn't mean "dont create a session data object", it means "dont assign a browser id". If the user coming in already has a browser id cookie, a session data object will nonetheless be created as a result of hasSessionData. :-(
A workaround for now is (maybe in an external method) to use the _hasSessionDataObject method of the session data manager, which takes a single parameter, "key". The key should be the user's browser id, which can be obtained by calling the getBrowserId method of the browser id manager with the parameter "create=0". If the user has no browser id, of course you can't call _hasSessionDataObject, and it's safe to assume that he has no session data object.
I will fix this for 2.6 so that hasSessionData calls _hasSessionDataObject instead of getSessionData, thus avoiding the creation of a new session data object, but your workaround code will continue to work. Apologies for the screwup.
Thanks,
- C
----- Original Message ----- From: "Pawel Lewicki" <lewicki@provider.pl> To: <zope@zope.org> Sent: Thursday, July 18, 2002 10:43 PM Subject: [Zope] How to touch session_data without fingerprints???
Hallo, I want to transparently touch the session_data. When I call functions like REQUEST.SESSION.hasSessionData() or getSessionData(create=0) I create the new object in transient object container. Is there any way to avoid it and check if session object exists? Or if not - how to delete only my session object from container? I can use external functions if necessary. All the fuss is about counting logged users. I want to limit that number, and I do it by counting the number of session objects - already done. The problem is that I can't check the number without increasing it :( Maybe there is other way.
Pawel Lewicki
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
----- Original Message ----- From: "Chris McDonough" <chrism@zope.com> To: "Pawel Lewicki" <lewicki@provider.pl>; <zope@zope.org> Sent: Friday, July 19, 2002 5:57 AM Subject: Re: [Zope] How to touch session_data without fingerprints???
You have found a bug. :-(
What hasSessionData does is just return "not not getSessionData(create=0)" (which returns either 1 or 0 depending on whether getSessionData returns a session data object).
The problem with this is that the "create" flag doesn't mean "dont create a session data object", it means "dont assign a browser id". If the user coming in already has a browser id cookie, a session data object will nonetheless be created as a result of hasSessionData. :-(
A workaround for now is (maybe in an external method) to use the _hasSessionDataObject method of the session data manager, which takes a single parameter, "key". The key should be the user's browser id, which can be obtained by calling the getBrowserId method of the browser id manager with the parameter "create=0". If the user has no browser id, of course you can't call _hasSessionDataObject, and it's safe to assume that he has no session data object.
I'm not sure if it will help. Each simple touch of the session object results in creation of the new entry in temp_folder/session_data. I didn't realize that it happens even in my function counting its elements. :((( If anybody had any idea how to avoid I would be grateful. If not I will have to forget about sessions and program registration method (but how to check logouts by cookies expiration :( Pawel Lewicki
A workaround for now is (maybe in an external method) to use the _hasSessionDataObject method of the session data manager, which takes a single parameter, "key". The key should be the user's browser id, which can be obtained by calling the getBrowserId method of the browser id manager with the parameter "create=0". If the user has no browser id, of course you can't call _hasSessionDataObject, and it's safe to assume that he has no session data object.
I'm not sure if it will help. Each simple touch of the session object results in creation of the new entry in temp_folder/session_data. I didn't realize that it happens even in my function counting its elements.
Did you read the above? It explains exactly how to avoid this. - C
participants (2)
-
Chris McDonough -
Pawel Lewicki