Cookie Crumbler vs. Session data
I'm using the Cookie Crumbler in conjunction with the Simple User Folder. Cookie Crumbler stuffs all the user data within a cookie called __ac (by default) as separate variables. session_data_manager, OTOH, has its own _ZopeId cookie for session data. Is there any existing product that stores the authentication data in the session data instead of a separate cookie? Or is that just a bad idea? In my case, I would like the authentication data to expire at the same time as the session data, and putting it into the session data reduces the number of cookies, plus does not retransmit the authentication data on each request.

-- Andy Dustman PGP: 0x930B8AB6 @ .net http://dustman.net/andy
"Cogito, ergo sum." -- Rene Descartes
"I yam what I yam and that's all what I yam." -- Popeye
On Sun, 2002-08-25 at 17:55, Andy Dustman wrote:
Is there any existing product that stores the authentication data in the session data instead of a separate cookie?
BTW, it's nearly trivial but, in fact, impossible with CookieCrumbler (short of hacking the CookieCrumbler Product). You can create setAuthCookie and expireAuthCookie methods somewhere in the acquisition path, and it's trivial to set and expire the authentication data using a Python script. However... there is no hook for getAuthCookie, so the cookie crumbler still reads the original cookie location. If I come up with a patch for this, I'll send it over to zope-cmf...

-- Andy Dustman PGP: 0x930B8AB6 @ .net http://dustman.net/andy
"Cogito, ergo sum." -- Rene Descartes
"I yam what I yam and that's all what I yam." -- Popeye
There's this: http://www.zope.org/Members/levi/SessionUserFolder

HTH,
- C

On Sun, 2002-08-25 at 17:55, Andy Dustman wrote:
I'm using the Cookie Crumbler in conjunction with the Simple User Folder. Cookie Crumbler stuffs all the user data within a cookie called __ac (by default) as separate variables. session_data_manager, OTOH, has its own _ZopeId cookie for session data. Is there any existing product that stores the authentication data in the session data instead of a separate cookie? Or is that just a bad idea? In my case, I would like the authentication data to expire at the same time as the session data, and putting it into the session data reduces the number of cookies, plus does not retransmit the authentication data on each request.
On Sun, 2002-08-25 at 22:43, Chris McDonough wrote:
There's this:
I saw that, but it didn't seem suitable on its own. What I needed was a cross between the SimpleUserFolder and CookieCrumbler and SessionUserFolder. I sent a patch to zope-cmf that gives CookieCrumbler a little more functionality (getAuthCookie), enough to handle storing the authentication data in the session data. There's one little bug in there that's easily fixed (back out changes to delRequestVar).

-- Andy Dustman PGP: 0x930B8AB6 @ .net http://dustman.net/andy
"Cogito, ergo sum." -- Rene Descartes
"I yam what I yam and that's all what I yam." -- Popeye
I have been trying to do exactly what you want with my custom user-folder and Zope Sessions and CookieCrumbler; however, there is one major problem, as mentioned in: <thanks to Chris McD..> http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx and search for "Using Session onAdd and onDelete Events". According to this, the way Session expiry works, there is no guarantee that the user you are logging out on expiry of a session is the same user who created the session. So if you figure out how to do that... pls let me know too...

AM

Andy Dustman wrote:
On Sun, 2002-08-25 at 22:43, Chris McDonough wrote:
There's this:
I saw that, but it didn't seem suitable on its own. What I needed was a cross between the SimpleUserFolder and CookieCrumbler and SessionUserFolder. I sent a patch to zope-cmf that gives CookieCrumbler a little more functionality (getAuthCookie), enough to handle storing the authentication data in the session data. There's one little bug in there that's easily fixed (back out changes to delRequestVar).
--
Aseem Mohanty
Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706
(R) 510 7696011 (M) 510 3014871 (O) 510 5279231

"I saw `cout' being shifted "Hello world" times to the left and stopped right there!!" -- Steve Gonedes
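
As an added illustration of the design discussed in this thread (not code from any poster, nor from CookieCrumbler or SessionUserFolder): a framework-independent Python sketch in which the login identity lives in server-side session data, so it expires with the session and the cookie carries only an opaque id. `SessionStore`, `set_auth`, `get_auth` and `expire_auth` are hypothetical names; storing only the user id (not the password) and rotating the session id at login are assumptions of this sketch.

```python
import secrets
import time


class SessionStore:
    """Server-side sessions; the cookie carries only the opaque id."""

    def __init__(self, timeout, clock=time.monotonic):
        self.timeout = timeout
        self.clock = clock
        self._sessions = {}  # sid -> [last_access, data dict]

    def create(self, data=None):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = [self.clock(), dict(data or {})]
        return sid

    def load(self, sid):
        """Return the session dict, or None if unknown or idle too long."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self.clock() - entry[0] > self.timeout:
            del self._sessions[sid]  # auth data expires with the session
            return None
        entry[0] = self.clock()
        return entry[1]

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def set_auth(store, sid, user_id):
    """After the credentials were checked: bind the user to a fresh id."""
    data = store.load(sid) or {}
    store.destroy(sid)           # rotate the id so a pre-login id is useless
    data["auth_user"] = user_id  # assumption: keep the identity, not the password
    return store.create(data)


def get_auth(store, sid):
    """Read side: who, if anyone, is logged in for this session id."""
    data = store.load(sid)
    return data.get("auth_user") if data else None


def expire_auth(store, sid):
    """Explicit logout: drop the identity, keep the rest of the session."""
    data = store.load(sid)
    if data:
        data.pop("auth_user", None)
```

Because the identity is read from the same record that the timeout deletes, no separate expiry step has to work out which user a session belonged to.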