Hi all, In the zope book, sessions chapter, is written: "Manually Invalidating A Session Data Object Developers can manually invalidate a session data object. When a session data object is invalidated, it will be flushed from the system, and will not be returned by subsequent references to REQUEST.SESSION or getSessionData(). " and : "...subsequent references to REQUEST.SESSION in this same request will return a new session data object." I would like to be able to invalidate the session object, and then create a new session with a new key, to be accessed in the next request. But I find that when invalidating a session data object, I can *still* access the old session data in subsequent references to REQUEST.SESSION, in the same request that is. I do not get a new session data object, as I should according to the zope book. And therefore I can not reference the new keys I create in the following requests. Has anyone got a solution for this problem ? It seems the invalidation goes on "between" requests. Is this an error with the sessioning machinery or in the zope book ? Below there are three test scripts, that shows what is going on. greetings, Sune B. Woeller file test1.py: ****** s = context.REQUEST.SESSION s['mykey']='myvalue' print "Page 1, add a key to session.<br />" print "session : <br />" print s print "<br /><br />" print '<a href ="test2">Page 2, invalidate session and add a new key</a><br />' print '<a href ="test3">Page 3, show session</a><br />' return printed ***** file test2.py: ***** s = context.REQUEST.SESSION print "Page 2, invalidate session and add a new key.<br />" s.invalidate() s['mySecondKey']='mySecondValue' print "session after invalidate: <br />" print s print "<br /><br />" print '<a href ="test1">Page 1, add a key to session</a><br />' print '<a href ="test3">Page 3, show session</a><br />' return printed ***** file test3.py: ***** s = context.REQUEST.SESSION print "Page 3, show session<br />" print "session : <br />" print s print "<br /><br />" print '<a href ="test1">Page 1</a><br />' print '<a href ="test2">Page 2</a><br />' return printed
Which Zope are you running? There were major changes to the session mechanism in 2.7.X. On Sat, 23 Oct 2004, Sune Broendum Woeller wrote:
Hi all,
In the zope book, sessions chapter, is written:
"Manually Invalidating A Session Data Object
Developers can manually invalidate a session data object. When a session data object is invalidated, it will be flushed from the system, and will not be returned by subsequent references to REQUEST.SESSION or getSessionData(). "
and :
"...subsequent references to REQUEST.SESSION in this same request will return a new session data object."
I would like to be able to invalidate the session object, and then create a new session with a new key, to be accessed in the next request.
But I find that when invalidating a session data object, I can *still* access the old session data in subsequent references to REQUEST.SESSION, in the same request that is. I do not get a new session data object, as I should according to the zope book. And therefore I can not reference the new keys I create in the following requests.
Has anyone got a solution for this problem ?
It seems the invalidation goes on "between" requests.
Is this an error with the sessioning machinery or in the zope book ?
Below there are three test scripts, that shows what is going on.
greetings, Sune B. Woeller
file test1.py: ****** s = context.REQUEST.SESSION
s['mykey']='myvalue'
print "Page 1, add a key to session.<br />" print "session : <br />" print s print "<br /><br />" print '<a href ="test2">Page 2, invalidate session and add a new key</a><br />' print '<a href ="test3">Page 3, show session</a><br />'
return printed
*****
file test2.py: ***** s = context.REQUEST.SESSION
print "Page 2, invalidate session and add a new key.<br />"
s.invalidate()
s['mySecondKey']='mySecondValue' print "session after invalidate: <br />" print s
print "<br /><br />" print '<a href ="test1">Page 1, add a key to session</a><br />' print '<a href ="test3">Page 3, show session</a><br />'
return printed
*****
file test3.py: ***** s = context.REQUEST.SESSION print "Page 3, show session<br />" print "session : <br />" print s
print "<br /><br />" print '<a href ="test1">Page 1</a><br />' print '<a href ="test2">Page 2</a><br />'
return printed
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Sorry, I'm running both zope 2.7.1 and 2.7.2. (Windows XP, and FreeBSD) Sune
Which Zope are you running? There were major changes to the session mechanism in 2.7.X.
On Sat, 23 Oct 2004, Sune Broendum Woeller wrote:
Hi all,
In the zope book, sessions chapter, is written:
"Manually Invalidating A Session Data Object
Developers can manually invalidate a session data object. When a session data object is invalidated, it will be flushed from the system, and will not be returned by subsequent references to REQUEST.SESSION or getSessionData(). "
and :
"...subsequent references to REQUEST.SESSION in this same request will return a new session data object."
I would like to be able to invalidate the session object, and then create a new session with a new key, to be accessed in the next request.
But I find that when invalidating a session data object, I can *still* access the old session data in subsequent references to REQUEST.SESSION, in the same request that is. I do not get a new session data object, as I should according to the zope book. And therefore I can not reference the new keys I create in the following requests.
Has anyone got a solution for this problem ?
It seems the invalidation goes on "between" requests.
Is this an error with the sessioning machinery or in the zope book ?
Below there are three test scripts, that shows what is going on.
greetings, Sune B. Woeller
file test1.py: ****** s = context.REQUEST.SESSION
s['mykey']='myvalue'
print "Page 1, add a key to session.<br />" print "session : <br />" print s print "<br /><br />" print '<a href ="test2">Page 2, invalidate session and add a new key</a><br />' print '<a href ="test3">Page 3, show session</a><br />'
return printed
*****
file test2.py: ***** s = context.REQUEST.SESSION
print "Page 2, invalidate session and add a new key.<br />"
s.invalidate()
s['mySecondKey']='mySecondValue' print "session after invalidate: <br />" print s
print "<br /><br />" print '<a href ="test1">Page 1, add a key to session</a><br />' print '<a href ="test3">Page 3, show session</a><br />'
return printed
*****
file test3.py: ***** s = context.REQUEST.SESSION print "Page 3, show session<br />" print "session : <br />" print s
print "<br /><br />" print '<a href ="test1">Page 1</a><br />' print '<a href ="test2">Page 2</a><br />'
return printed
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Hi all, I never really got an answer for the below question, of course maybe the answer isn't there ; ) but never the less I try again. I have now tested it with Zope 2.7.3 and get the same results. Is this an error with the zope sessioning machinery or with the specification in the zope book ? Should it be possible to invalidate a session and create a new session during the same request ? greetings, Sune
Sorry, I'm running both zope 2.7.1 and 2.7.2. (Windows XP, and FreeBSD)
Sune
Which Zope are you running? There were major changes to the session mechanism in 2.7.X.
On Sat, 23 Oct 2004, Sune Broendum Woeller wrote:
Hi all,
In the zope book, sessions chapter, is written:
"Manually Invalidating A Session Data Object
Developers can manually invalidate a session data object.
When a session
data object is invalidated, it will be flushed from the system, and will not be returned by subsequent references to REQUEST.SESSION or getSessionData(). "
and :
"...subsequent references to REQUEST.SESSION in this same request will return a new session data object."
I would like to be able to invalidate the session object, and then create a new session with a new key, to be accessed in the next request.
But I find that when invalidating a session data object, I can *still* access the old session data in subsequent references to REQUEST.SESSION, in the same request that is. I do not get a new session data object, as I should according to the zope book. And therefore I can not reference the new keys I create in the following requests.
Has anyone got a solution for this problem ?
It seems the invalidation goes on "between" requests.
Is this an error with the sessioning machinery or in the zope book ?
Below there are three test scripts, that shows what is going on.
greetings, Sune B. Woeller
file test1.py: ****** s = context.REQUEST.SESSION
s['mykey']='myvalue'
print "Page 1, add a key to session.<br />" print "session : <br />" print s print "<br /><br />" print '<a href ="test2">Page 2, invalidate session and add a new key</a><br />' print '<a href ="test3">Page 3, show session</a><br />'
return printed
*****
file test2.py: ***** s = context.REQUEST.SESSION
print "Page 2, invalidate session and add a new key.<br />"
s.invalidate()
s['mySecondKey']='mySecondValue' print "session after invalidate: <br />" print s
print "<br /><br />" print '<a href ="test1">Page 1, add a key to session</a><br />' print '<a href ="test3">Page 3, show session</a><br />'
return printed
*****
file test3.py: ***** s = context.REQUEST.SESSION print "Page 3, show session<br />" print "session : <br />" print s
print "<br /><br />" print '<a href ="test1">Page 1</a><br />' print '<a href ="test2">Page 2</a><br />'
return printed
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Sune Broendum Woeller wrote at 2004-11-22 20:43 +0100:
...
In the zope book, sessions chapter, is written:
"Manually Invalidating A Session Data Object
Developers can manually invalidate a session data object. When a session data object is invalidated, it will be flushed from the system, and will not be returned by subsequent references to REQUEST.SESSION or getSessionData(). "
and :
"...subsequent references to REQUEST.SESSION in this same request will return a new session data object."
I would like to be able to invalidate the session object, and then create a new session with a new key, to be accessed in the next request.
But I find that when invalidating a session data object, I can *still* access the old session data in subsequent references to REQUEST.SESSION, in the same request that is. I do not get a new session data object, as I should according to the zope book. And therefore I can not reference the new keys I create in the following requests.
Has anyone got a solution for this problem ?
It seems the invalidation goes on "between" requests.
Is this an error with the sessioning machinery or in the zope book ?
Maybe, it worked in some Zope version. But, it has no chance in a modern Zope: Sessions are created on demand, i.e. when you access the SESSION object for the first time. To make this happen, the "SessionDataManager" registers a factory as a REQUEST lazy item under the name "SESSION". When you access "REQUEST.SESSION", the factory is called to get the real session object and then the session object is stored as normal REQUEST variable. The factory is removed form REQUEST (as the implementors thought it were no longer necessary). With this description, you can see: you can invalidate the session object but this has no chance to give you a different session object (in the same request). You would need to change the handling of lazy items in "ZPublisher.HTTPRequest.HTTPRequest" (not allowed to remove the factory) and delete the "SESSION" as normal REQUEST variable to make it work. I would say, the book is wrong. -- Dieter
On Tue, 2004-11-23 at 15:07, Dieter Maurer wrote:
Sune Broendum Woeller wrote at 2004-11-22 20:43 +0100:
...
In the zope book, sessions chapter, is written:
"Manually Invalidating A Session Data Object
Developers can manually invalidate a session data object. When a session data object is invalidated, it will be flushed from the system, and will not be returned by subsequent references to REQUEST.SESSION or getSessionData(). "
and :
"...subsequent references to REQUEST.SESSION in this same request will return a new session data object."
I would like to be able to invalidate the session object, and then create a new session with a new key, to be accessed in the next request.
But I find that when invalidating a session data object, I can *still* access the old session data in subsequent references to REQUEST.SESSION, in the same request that is. I do not get a new session data object, as I should according to the zope book. And therefore I can not reference the new keys I create in the following requests.
Has anyone got a solution for this problem ?
It seems the invalidation goes on "between" requests.
Is this an error with the sessioning machinery or in the zope book ?
Maybe, it worked in some Zope version. But, it has no chance in a modern Zope:
Sessions are created on demand, i.e. when you access the SESSION object for the first time.
To make this happen, the "SessionDataManager" registers a factory as a REQUEST lazy item under the name "SESSION".
When you access "REQUEST.SESSION", the factory is called to get the real session object and then the session object is stored as normal REQUEST variable. The factory is removed form REQUEST (as the implementors thought it were no longer necessary).
With this description, you can see: you can invalidate the session object but this has no chance to give you a different session object (in the same request).
You would need to change the handling of lazy items in "ZPublisher.HTTPRequest.HTTPRequest" (not allowed to remove the factory) and delete the "SESSION" as normal REQUEST variable to make it work.
I would say, the book is wrong.
Darn. It was meant to work the way it's described in the book. For it to not work this way is a bug. The invalidate method of a session should cause the session data object to be invalidated. Unfortunately, the "lazy" resolution stuff in ZPublisher also removes the factory from the _lazies namespace, so if the invalidation removed 'SESSION' from request.other it could also never get it from request._lazies in the same request. :-( It would be good if a tracker issue could be entered about this. In the meantime, a workaround is to not use REQUEST.SESSION to get the session data, but to instead use something like "context.session_data_manager.getSessionData()" to get the session data associated with the current request. - C
Chris McDonough wrote:
On Tue, 2004-11-23 at 15:07, Dieter Maurer wrote:
Sune Broendum Woeller wrote at 2004-11-22 20:43 +0100:
...
In the zope book, sessions chapter, is written:
"Manually Invalidating A Session Data Object
Developers can manually invalidate a session data object.
When a session
data object is invalidated, it will be flushed from the system,
and will not
be returned by subsequent references to REQUEST.SESSION or
getSessionData().
"
and :
"...subsequent references to REQUEST.SESSION in this same request will return a new session data object."
I would like to be able to invalidate the session object, and
then create a
new session with a new key, to be accessed in the next request.
But I find that when invalidating a session data object, I can *still* access the old session data in subsequent references to
REQUEST.SESSION, in
the same request that is. I do not get a new session data object, as I should according to the zope book. And therefore I can not
reference the new
keys I create in the following requests.
Has anyone got a solution for this problem ?
It seems the invalidation goes on "between" requests.
Is this an error with the sessioning machinery or in the zope book ?
Maybe, it worked in some Zope version. But, it has no chance in a modern Zope:
Sessions are created on demand, i.e. when you access the SESSION object for the first time.
To make this happen, the "SessionDataManager" registers a factory as a REQUEST lazy item under the name "SESSION".
When you access "REQUEST.SESSION", the factory is called to get the real session object and then the session object is stored as normal REQUEST variable. The factory is removed form REQUEST (as the implementors thought it were no longer necessary).
With this description, you can see: you can invalidate the session object but this has no chance to give you a different session object (in the same request).
You would need to change the handling of lazy items in "ZPublisher.HTTPRequest.HTTPRequest" (not allowed to remove the factory) and delete the "SESSION" as normal REQUEST variable to make it work.
I would say, the book is wrong.
Darn. It was meant to work the way it's described in the book. For it to not work this way is a bug. The invalidate method of a session should cause the session data object to be invalidated.
Unfortunately, the "lazy" resolution stuff in ZPublisher also removes the factory from the _lazies namespace, so if the invalidation removed 'SESSION' from request.other it could also never get it from request._lazies in the same request. :-(
It would be good if a tracker issue could be entered about this.
In the meantime, a workaround is to not use REQUEST.SESSION to get the session data, but to instead use something like "context.session_data_manager.getSessionData()" to get the session data associated with the current request.
Wouldn't an adequate workaround be just to clear the session (rather than destroying it and creating one anew)? E.g.: session = REQUEST.SESSION session.clear() session['key'] = value Tres. -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com
On Tue, 2004-11-23 at 16:36, Tres Seaver wrote:
In the meantime, a workaround is to not use REQUEST.SESSION to get the session data, but to instead use something like "context.session_data_manager.getSessionData()" to get the session data associated with the current request.
Wouldn't an adequate workaround be just to clear the session (rather than destroying it and creating one anew)? E.g.:
session = REQUEST.SESSION session.clear() session['key'] = value
Yup, that'd be fine as well. - C
-----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org]On Behalf Of Tres Seaver Sent: 23. november 2004 22:37 To: zope@zope.org Cc: Sune Broendum Woeller Subject: [Zope] Re: Invalidating a session, creating a new
Chris McDonough wrote:
On Tue, 2004-11-23 at 15:07, Dieter Maurer wrote:
Sune Broendum Woeller wrote at 2004-11-22 20:43 +0100:
...
>In the zope book, sessions chapter, is written: > >"Manually Invalidating A Session Data Object > >Developers can manually invalidate a session data object.
When a session
>data object is invalidated, it will be flushed from the system,
and will not
>be returned by subsequent references to REQUEST.SESSION or
getSessionData().
>" > >and : > >"...subsequent references to REQUEST.SESSION in this same request will >return a new session data object." > >I would like to be able to invalidate the session object, and
then create a
>new session with a new key, to be accessed in the next request. > >But I find that when invalidating a session data object, I can *still* >access the old session data in subsequent references to
REQUEST.SESSION, in
>the same request that is. I do not get a new session data object, as I >should according to the zope book. And therefore I can not
reference the new
>keys I create in the following requests. > >Has anyone got a solution for this problem ? > >It seems the invalidation goes on "between" requests. > >Is this an error with the sessioning machinery or in the zope book ?
Maybe, it worked in some Zope version. But, it has no chance in a modern Zope:
Sessions are created on demand, i.e. when you access the SESSION object for the first time.
To make this happen, the "SessionDataManager" registers a factory as a REQUEST lazy item under the name "SESSION".
When you access "REQUEST.SESSION", the factory is called to get the real session object and then the session object is stored as normal REQUEST variable. The factory is removed form REQUEST (as the implementors thought it were no longer necessary).
With this description, you can see: you can invalidate the session object but this has no chance to give you a different session object (in the same request).
You would need to change the handling of lazy items in "ZPublisher.HTTPRequest.HTTPRequest" (not allowed to remove the factory) and delete the "SESSION" as normal REQUEST variable to make it work.
I would say, the book is wrong.
Darn. It was meant to work the way it's described in the book. For it to not work this way is a bug. The invalidate method of a session should cause the session data object to be invalidated.
Unfortunately, the "lazy" resolution stuff in ZPublisher also removes the factory from the _lazies namespace, so if the invalidation removed 'SESSION' from request.other it could also never get it from request._lazies in the same request. :-(
It would be good if a tracker issue could be entered about this.
In the meantime, a workaround is to not use REQUEST.SESSION to get the session data, but to instead use something like "context.session_data_manager.getSessionData()" to get the session data associated with the current request.
Wouldn't an adequate workaround be just to clear the session (rather than destroying it and creating one anew)? E.g.:
session = REQUEST.SESSION session.clear() session['key'] = value
Tres.
The suggestion from Tres gets me half the way, but it is not enough since I need to get a new session id. The problem is that the request still holds the old session object. The suggestion by chris, to use "context.session_data_manager.getSessionData()" to get the session after the call to invalidate works - it gives me a new session object, and all is well :) To summarize, this does the trick: s = context.REQUEST.SESSION s.invalidate() s=context.session_data_manager.getSessionData() s['myNewKey']='myNewValue' Should I file a bug report here : http://zope.org/Collectors/Zope ? regards, and thank you for your help, Sune
To summarize, this does the trick: s = context.REQUEST.SESSION s.invalidate() s=context.session_data_manager.getSessionData() s['myNewKey']='myNewValue'
Should I file a bug report here : http://zope.org/Collectors/Zope ?
Please, and copy relevant data from this thread. Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com fg@nuxeo.com
participants (6)
-
Chris McDonough -
Dennis Allison -
Dieter Maurer -
Florent Guillaume -
Sune Broendum Woeller -
Tres Seaver