[Zope-dev] struggeling with a sessionbased LoginMethod

Joseph Wayne Norton norton@alum.mit.edu
Wed, 07 Nov 2001 23:41:06 +0900


Joachim -

I can't help you with LoginManager, but I did build a customized
version of the acl_users folder that is tightly integrated with core
session tracking.  You might want to consider using it or simply to
duplicate the same behavior.  Please see the e-mail below.

regards,

- joe n

At Mon, 29 Oct 2001 15:35:03 +0900,
norton  wrote:
> 
> 
> I have updated the tarball for CoreSessionUserFolder product (version
> 0.0.3) on the zope.org website.  You can access the tarball from my
> home page at:
> 
>         http://www.zope.org/Members/natsukashi/index.html
> 
> I have changed the implementation slightly and refined the usage
> model.  The basic idea is that an anonymous session object is
> automatically converted into a zope user object given some trigger
> criteria.  After conversion to a zope user object, the anonymous web
> user is granted access via zope's security machinery to some protected
> resource (like index_html). The session user/object will then be
> automatically deleted unless the session's life is extended by another
> trigger criteria.  By using CookieCrumbler in conjunction with
> CoreSessionUserFolder, all of the login/logout mechanisms are nicely
> hidden from the anonymous user.
> 
> I have also included a small demo *.zexp (install/README.txt) that can
> be used out-of-the-box once all of the necessary patches
> (patches.README.txt) have been applied.  It requires zope 2.4.*, CST
> 0.0.9, and the cookie crumbler product.
> 
> I have labeled it a prototype simply because it has not been reviewed
> yet outside of our organization.  Unless there are any troubles, this
> product will be in production usage tomorrow.  You can access the
> website (a fortune telling site) given the following url:
> 
>   http://www.unkei.com/unkei/menu.html
> 
> A CoreSessionUserFolder backs each of the content menus and implements
> a pay-per-view service where a credit card purchase acts as the
> session extending trigger.  Unfortunately, the content is only in
> Japanese and a payment using a major credit card is required to view
> the content.
> 
> Obviously, any feedback good or bad are appreciated.
> 
> - joe n.
>