[Zope-CMF] Non-cookie sessions in CMF

A M Thomas am@virtueofthesmall.com
Mon, 04 Mar 2002 15:40:04 -0500


Hi all,

First, let me confess my cluelessness.  I'm a newbie, I haven't used
Zope that much yet, but I've read a darn lot and can't find the answer
to this question.

Before I discovered Zope (I've been working with it about a week and a
half), I was working on my own kind of framework (crude) in Perl, mainly
for shopping carts.  So far, it handled sessions this way:

When a user first accessed the site (i.e., no session was passed in), a
session would be created, UNLESS the user was a known search engine
robot.

All output web pages were put through a filter which re-wrote all Form
actions and all links to include a cart_id=[bunch of numbers] HTML PUT
string, or, if URL rewriting was active, the links would be rewritten to
include a /[bunch of numbers] on the end (i.e., the cart_id would look
like part of the URL path, rather than a CGI argument).

Then, wherever the user went on the site, the existing session number
(cart_id) would be passed in, and information for that session would be
loaded.  Search engines would see the URLs without session IDs, which
was good for them, and users finding site pages through search engines
would of course go to pages without having a session already associated
with them - so new users would always get a new session.


Now, it would be great to have that kind of session management for Zope
and CMF.  It would be even better if cookies were added into the mix, so
that if no session ID (I'm using the term interchangeably with my legacy
cart_id) were passed in, the system attempted to set a session cookie. 
If a cookie session ID were present, then that would be used instead of
the other session method, and cleaner URLs could be used.  Make sense?

When a user logs in, the same session ID can be kept - no need to change
it because of successful authentication.  No need to wait for a user to
log in to assign a session ID, either - in fact, in a shopping-type
application, a user would probably never log in.


So, how do I get this to happen?  Is there a product I can install,
something I can configure?  I've read through _all_ the product
listings, read all of "The Zope Book", read the CMF sections in "Zope
web application construction kit" book, searched through what I could
find on the zope.org site, through the past few months of the CMF
mailing list, and through reading material suggested to
session-inquisitive mailing list posters.  I've read the help on
"Session Data Manager", but I don't think this has anything to do with
CMF.  I haven't a clue where to start.  Someone referred to the
"sessions" link in the control panel or in the root of my CMF site, but
I can't find it.  There may well be something up that just didn't look
like it would work based on the Install notes that I missed, or that I
didn't realize could somehow be hooked into the CMF.

I confess one more thing: I don't know Python, although I'm about to
start reading a tutorial.  If I have time today :)

Basically, I guess I want to a) replace the cookie-based session
mechanism in the current CMF package with a non-cookie-based one,
optimally with the either/or model I described above, and b) make some
kind of special DTML var tag that would do the "right thing" to all my
links if appropriate.  Plus make sure the links generated by my skin are
written appropriately - perhaps overwrite "getURL" (I don't seem to have
documentation on that one)?

Has this been done already?  Is anyone interested enough to help with
this?  Having sessions (and CMF) work without cookies is extremely
important to me; I need for this to work before I proceed much further,
so I'm willing to help if necessary.

Many thanks,
Am Thomas
-- 
Virtue of the Small
http://virtueofthesmall.com
am@virtueofthesmall.com
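
Added example (not part of the original message, and not Zope or CMF code): a Python sketch of the either/or session lookup and link-rewriting filter described above. The names resolve_session, add_session, rewrite_links, ROBOT_MARKERS and the `store` of issued IDs are hypothetical, and two details are assumptions rather than the poster's design: an ID the server never issued is ignored, and only site-relative links are rewritten.

```python
import html
import re
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PARAM = "cart_id"                                  # name used in the message
ROBOT_MARKERS = ("googlebot", "slurp", "spider")   # constructed sample list

def resolve_session(cookies, query, user_agent, store):
    """Return (session_id, source, rewrite). `store` is the set of IDs this
    server issued (assumption); an ID it never issued is ignored."""
    if any(m in user_agent.lower() for m in ROBOT_MARKERS):
        return None, "robot", False                # robots get clean URLs, no session
    if cookies.get(PARAM) in store:
        return cookies[PARAM], "cookie", False     # cookie wins, links stay clean
    if query.get(PARAM) in store:
        return query[PARAM], "url", True
    sid = secrets.token_hex(16)                    # unguessable new ID
    store.add(sid)
    return sid, "new", True                        # rewrite until a cookie comes back

def add_session(url, sid):
    """Add cart_id to a site-relative URL; absolute and fragment-only URLs
    are returned unchanged so the ID is never written into off-site links."""
    parts = urlsplit(url)
    if parts.scheme or parts.netloc or not (parts.path or parts.query):
        return url
    pairs = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != PARAM]
    pairs.append((PARAM, sid))
    return urlunsplit(("", "", parts.path, urlencode(pairs), parts.fragment))

ATTR = re.compile(r'\b(href|action)="([^"]*)"', re.IGNORECASE)

def rewrite_links(page, sid):
    """Output filter: rewrite every double-quoted href/action attribute."""
    def fix(match):
        url = add_session(html.unescape(match.group(2)), sid)
        return '%s="%s"' % (match.group(1), html.escape(url, quote=True))
    return ATTR.sub(fix, page)

if __name__ == "__main__":
    issued = set()                                 # constructed, empty session store
    sid, source, rewrite = resolve_session({}, {}, "Mozilla/4.0", issued)
    sample = '<a href="/shop?id=3&amp;x=1">item</a> <a href="http://example.org/">out</a>'
    print(source, rewrite_links(sample, sid) if rewrite else sample)
```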