[Zope-dev] CST not really... :-)

Júlio Dinis Silva juliodinis@hotmail.com
Wed, 29 Aug 2001 19:31:26 +0100 

Hi everyone,

We have been looking at Core Session Tracking.
>From the name of this product we thought this
means this product enabled zope to track zope requests grouping
some requests has a unique session, i.e, some way of zope tracking all
requests from a specific client/browser/session.

But no, this is a session managment product, i.e, data_manager/container and 
a programming api. The core doesnt stands for a code leaving on zope core, 
i.e, somewhere between Zserver and Zpublisher, but this word core is more 
related to the physical place where sessions data are stored which goes from 
standard FileStorage to BerkeleyStorage on a ZODB3 model basis. There 
were/are other alternatives SQL, FileSystem, RAM, etc.

This product offers a good api for one to implement sessions
using either cookies, url rewriting or form hidden fields, and it
is allready prepared to scale in a zeo cluster.

But we think a really good CORE session tracking should be transparent
and independent of this cookies/forms options. This means be able
to install zope and have somewhere an option to turn on/off
zope "really core session tracking". This means zope
having the ability to do sessions using http1.1 persistent connections which 
medusa allready implements and also most current
browsers. Then no need to generate Tokens and pass them with cookies
or forms, there is allready a unique identifier between the server
and the client and that is in medusa socket_map.

What we think is that with zope one dont need to use cookies,
or url rewriting, or forms hidden fields. We should be able to
simply call a method in a standard_html_header which activates sessioning. 
And no need for cookies, or forms, or heavy code writing.

We have actually made a small test using zserver/medusa/asyncore
socket_map which is a list of all persistent connections (open zchannels) in 
a zope server. Of course there are technical considerations to implement a 
consistent solution but we have made a consistent proof-of-concept.

Any comments? someone thought about this before? someone from CST
development thought or is thinking on this possibility, i.e, zope
really core session tracking using http1.1 and no need for 
cookies/forms/url_rewriting?

Best Regards,
JS

PS.For reference:
See the section "A Better Solution to Session Tracking: HTTP/1.1" on:

http://www.internettg.org/newsletter/mar00/workshop_session_management.html

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp