[Zope-dev] Session Product
Scott Robertson
sroberts@codeit.com
Fri, 20 Aug 1999 12:06:25 -0700 (PDT)
>
> A session object is an object that behaves like a folder in zope. If
> you access <Session FolderId>/docLogin via the web, the session folder
> will validate your username and password based off of the first
> acl_users folder that it finds via acquisition. Once the user has been
> authorized the Session Folder creates a brand new Session Instance and
> stores the user information in the Session Instance. Whenever an
> object is accessed through the Session Instance the user is equivalent
> to the user that originally logged in. In effect the authorization
> information is stored in PATH_INFO instead of a cookie or using
> standard HTTP authentication methods. Session Instances will/should be
> automatically deleted if the user has been idle longer than the time
> to live property.
>
> The advantages to this scheme are. (Of course most of this is not
> implemented in this sample)
>
One important one that I forgot.
* No need to trick/coerce/plug/patch/or otherwise beat your web server
into passing authentication information to your Zope process.
---------------------------------------------------
- Scott Robertson Phone: 714.972.2299 -
- CodeIt Computing Fax: 714.972.2399 -
- http://codeit.com -
---------------------------------------------------