Re: [Zope] Session Management
Pavlos Christoforou wrote I will add _force_new_session as well as a corresponding method. Maybe we should decide on some common interface/API to make it easier for users to switch from one to the other.
Excellent plan. I can see two interfaces to define: The interface to the Session object (the thing that's called to populate REQUEST with the SESSION object) The interface to the SESSION object (the dictionary-like thing that's inserted into the REQUEST). SESSION API: SESSION.getName() - returns the session id of the current session. Supports dictionary interface, that is: SESSION.__getitem__ SESSION.__setitem__ SESSION.__delitem__ SESSION.keys SESSION.values SESSION.items SESSION.has_key SESSION.clear SESSION.update Query: should it also support __getattr__ ? I've resisted it so far as 'feature duplication', since there's nothing that you absolutely _need_ it for - e.g. for <dtml-with> you can just write <dtml-with SESSION mapping> to put the SESSION values in the namespace. SESSION.copy - unimplemented, raises error. SESSION.get -- alias for SESSION.__getitem__ SESSION.set -- alias for SESSION.__getitem__ Session object API: Session.__call__(REQUEST=None, session_id=None, noCookie=None, validSession=None) if noCookie is set, do _not_ set a cookie. if validSession is set, do _not_ create a new session if none is specified, or if the one specified is invalid. if session_id is set, use this ID to connect to an existing session (and populate REQUEST.SESSION and any cookie, as appropriate). if REQUEST._force_new_session = 1, then always create a new session. returns the string '<!-- session is "%s" -->'%sessionName (useful for debugging, use dtml-var Session, rather than dtml-call Session. Session.cookie_name - string containing the name of the session cookie. This list is just cribbed from the CVS of release 0.2.3... Did I miss anything - and is there anything from FSSession that should be included? Anthony
Oops I forgot! FSSession already supports _force_new_session. On Tue, 4 Jan 2000, Anthony Baxter wrote:
Excellent plan. I can see two interfaces to define:
The interface to the Session object (the thing that's called to populate REQUEST with the SESSION object) The interface to the SESSION object (the dictionary-like thing that's inserted into the REQUEST).
Here lies the major difference between FSSession and SQLSession. FSSession does not insert the session object in the REQUEST object. It loads the session info into temporary variables in the object. Is there a reason to insert the session object in the REQUEST variable? I can change it if there is a good reason.
SESSION API: SESSION.getName() - returns the session id of the current session.
Ok I will add it. Right now the SessionUID is inserted in the REQUEST object.
Supports dictionary interface, that is: SESSION.__getitem__ SESSION.__setitem__ SESSION.__delitem__ SESSION.keys SESSION.values SESSION.items SESSION.has_key SESSION.clear SESSION.update
Ok
Query: should it also support __getattr__ ? I've resisted it so far as 'feature duplication', since there's nothing that you absolutely _need_ it for - e.g. for <dtml-with> you can just write <dtml-with SESSION mapping> to put the SESSION values in the namespace.
I don't think so. If users ask for it then we can add it, but I will agree it is not really neccessary.
SESSION.copy - unimplemented, raises error.
SESSION.get -- alias for SESSION.__getitem__ SESSION.set -- alias for SESSION.__getitem__
Ok
Session object API:
Session.__call__(REQUEST=None, session_id=None, noCookie=None, validSession=None) if noCookie is set, do _not_ set a cookie. if validSession is set, do _not_ create a new session if none is specified, or if the one specified is invalid. if session_id is set, use this ID to connect to an existing session (and populate REQUEST.SESSION and any cookie, as appropriate). if REQUEST._force_new_session = 1, then always create a new session. returns the string '<!-- session is "%s" -->'%sessionName (useful for debugging, use dtml-var Session, rather than dtml-call Session.
Session.cookie_name - string containing the name of the session cookie.
This list is just cribbed from the CVS of release 0.2.3... Did I miss anything - and is there anything from FSSession that should be included?
I think one useful method is one that returns a URL including the SessionUID if client does not support cookies or the URL if it does (BTW what is the best way of detecting whether the client supports cookies?) Here is the implementation in FSSession: def url(self,url): if self.REQUEST.environ.has_key('HTTP_COOKIE'): # Client accepts cookies. Just return url. A situation can # arise where the client does accept cookies but there is # no cookie set for our domain. This method will mistake # the client as a non cookie enabled, but only the first # time. return url else: if '?' in url: return '%s&%s=%s'%(url,self.cookie_name,self.uid[0]) else: return '%s?%s=%s'%(url,self.cookie_name,self.uid[0]) Pavlos
participants (2)
-
Anthony Baxter -
Pavlos Christoforou