[Zope-dev] CoreSessionTracking proposal
Dieter Maurer
dieter@handshake.de
Sat, 30 Sep 2000 21:27:01 +0200
I just read the CoreSessionTracking proposal.

I am very concerned about the "long living browser id".

 * Why should a browser id live longer than the
   session data maintained for the browser?
   This means, if the session lifetime is in the
   order of an hour, the cookie need not live
   longer than, say, a day.

 * I am *VERY* suspicious whenever I get
   a cookie with an expiration date more than
   a few days in the future.
   I do not see any reason why a site should be
   able to track my activity over a longer
   period of time -- at least not without my
   explicit consent.
   I tend to refuse long living cookies and as
   sites continue to send cookies on any request,
   I disable cookies altogether.
   If this means a site cannot be visited,
   I stop visiting the site.

If Zope tries to implement long living browser ids,
I fear, Zope sites will have a high chance, I will
no longer visit them.

Security:

 * I do not think "Anonymous" should have the
   permission "Add Session Data Objects".
   Session handling should be transparent,
   including allocation of a session data object.

 * I do not think "Anonymous" should have
   "Access Session Data" permission
   with the exception to its own session data.
   Sessions may contain confidential
   information that must not be revealed to
   other users.
   Again, session handling should be transparent,
   implemented by a mechanism that implements
   its own special purpose access policy
   (access to session data only by the
   session owner).

Consistency:

 * sometimes "__zsession__" and sometimes "_ZopeId"
   seem to be used to refer to an identifier
   used for session tracking

 * how is it possible to have nested "Session ID Managers"
   (necessary for delegation) with "getZopeSessionID" a singleton?
   As I understand it, the "singleton" property
   prevents any child from reimplementing the method.
   I must be wrong with this assumption.

Dieter
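
Added example, not part of the message above and not code from the CoreSessionTracking proposal or from Zope: a sketch of the policy the message asks for, in which session data is allocated transparently, can be reached only through its owner's unguessable browser id, and the cookie lifetime is bounded by the figures the message gives. `SessionStore` and `session_for` are hypothetical names; the one-hour and one-day values are the message's "order of an hour" and "say, a day".

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_LIFETIME = 3600        # seconds: "in the order of an hour"
COOKIE_LIFETIME = 24 * 3600    # seconds: "say, a day", never a long-lived id
COOKIE_NAME = "_ZopeId"        # one of the two identifier names the message quotes


class SessionStore:
    """Hypothetical store: the only handle to a session is its owner's browser id,
    so no role needs an "access session data" permission at all."""

    def __init__(self, now=time.time):
        self._data = {}        # browser id -> (expiry timestamp, session dict)
        self._now = now

    def _lookup(self, browser_id):
        entry = self._data.get(browser_id)
        if entry is None:
            return None
        if entry[0] <= self._now():
            del self._data[browser_id]      # session data has expired
            return None
        return entry[1]

    def session_for(self, cookie_header):
        """Return (session, Set-Cookie value or None) for one request."""
        morsel = SimpleCookie(cookie_header or "").get(COOKIE_NAME)
        browser_id = morsel.value if morsel else None
        session = self._lookup(browser_id) if browser_id else None
        set_cookie = None
        if session is None:
            # Unknown, expired or missing id: allocate transparently and mint
            # a fresh server-chosen id instead of adopting the client's value.
            browser_id = secrets.token_urlsafe(32)
            session = {}
            out = SimpleCookie()
            out[COOKIE_NAME] = browser_id
            out[COOKIE_NAME]["max-age"] = COOKIE_LIFETIME
            out[COOKIE_NAME]["httponly"] = True
            out[COOKIE_NAME]["path"] = "/"
            set_cookie = out[COOKIE_NAME].OutputString()
        # Sliding expiry: each request by the owner renews the session data.
        self._data[browser_id] = (self._now() + SESSION_LIFETIME, session)
        return session, set_cookie
```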