Cookieless Session Management
Does anyone have any thoughts on the pros and the cons of the CookielessSession product? It appears to work great, yet I am a bit nervous that it may not be maintained in the future, and that basing a large site around its capabilities might be risky. Are there documented alternatives for cookieless session management? I can find virtually no references or documentation for how Zope's built in session management works-- but perhaps I am missing some otherwise obvious sources of information. Any references would be appreciated. Thanks. Harlow Pinson Indepth Learning Email: hpinson@indepthl.com Web: http://www.indepthl.com Voice: 505-994-2135 FAX: 208-475-7678
The docs at http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx should be all you need to know. If there's anything missing, please let me know. "Cookieless" sessions are supported via the "URL-based" sessioning mechanism (see the Browser Id Manager UI) described within. On Mon, 2003-04-07 at 17:06, hpinson@indepthl.com wrote:
Does anyone have any thoughts on the pros and the cons of the CookielessSession product? It appears to work great, yet I am a bit nervous that it may not be maintained in the future, and that basing a large site around its capabilities might be risky.
Are there documented alternatives for cookieless session management?
I can find virtually no references or documentation for how Zope's built in session management works-- but perhaps I am missing some otherwise obvious sources of information. Any references would be appreciated.
Thanks.
Harlow Pinson Indepth Learning Email: hpinson@indepthl.com Web: http://www.indepthl.com Voice: 505-994-2135 FAX: 208-475-7678
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Hi Chris-- thanks for the reference. Is there some drawback to using a session model that stores session information in server memory (CookielessSession) as opposed to a URL- based" sessioning mechanism, like Zope uses? I don't know if you or anyone else has experience with the CookielessSession Product-- it seems to much easier to use than Zope's mechanism. It has not failed after two projects (light usage only). I'm really looking for logical arguments against use of the CookielessSession Product Harlow Pinson Indepth Learning Email: hpinson@indepthl.com Web: http://www.indepthl.com Voice: 505-994-2135 FAX: 208-475-7678
On Mon, 2003-04-07 at 18:31, hpinson@indepthl.com wrote:
Hi Chris-- thanks for the reference.
Is there some drawback to using a session model that stores session information in server memory (CookielessSession) as opposed to a URL- based" sessioning mechanism, like Zope uses?
Somehow state needs to be kept between requests to implement sessioning. (each request to an HTTP server is "fresh", no state is kept between them, this is why cookies are often used for sessioning because they implement a means of tracking state between requests). I'm not sure how CookielessSession does this, but if it doesn't use cookies, it likely either uses query strings, hidden form elements, or URL insertions just like the stock Zope sessioning stuff.
I don't know if you or anyone else has experience with the CookielessSession Product-- it seems to much easier to use than Zope's mechanism. It has not failed after two projects (light usage only).
No, sorry, I don't have any experience with it. If it works for you, I'd say use it!
participants (2)
-
Chris McDonough -
hpinson@indepthl.com