[Zope] - Newbie Question About Sessions

Bernardo Lopes bernardo.lopes@intervento.com
Thu, 21 Jan 1999 17:21:20 -0000


Hello! Sorry i've forgot to put a subject in my last mail. It will not
happen again!

I'm a newcomer to the Zope's world. For now i'm just checking out some
features and trying to build some programs on my own.

After this blablabla here is main main concern for now:

How can i define session properties or objects? What i whant to do is to be
able to define any object (say, client id in a web store) as a session
variable. The tricky thing is that i do not whant the content of this object
to go back and forth between the browser and the server. I do have to put it
in the server and access its contents in some session context. The client id
in my case is very important and represents a security flaw if i allow to be
altered during a browser session. This object is must be defined when the
client logs in the application. If i did allowed it, any user could for
example update or access some record in a SQL database that did not
concerned him. Just because this client id is indeed the identification
number of the user in my database model.