[Zope] keeping Java Servlets session ids based on url rewriti ng

albert boulanger aboulang@ldeo.columbia.edu
Sun, 10 Sep 2000 10:35:36 -0400 (EDT)


   Hmmm.. can you take a step back and restate the problem more generally?
   What is the goal?

We use servlets for java to java com between applets and the
server. Inside, the servlets communicates to C++ based servers for
objects and events. Servlet sessions are used to help ensure validation
for the object and event servers. User database is also stored in the
object repository. Getting the session id for the servlet back into
Zope (I was going to store it in a SQLSession object.) was the reason
for preserving the ;<sessionid> from a response redirect generated by
servlet. All pages with applets would be written with the servlet
session ID as a parameter. We were going to use https for anything
with session ids in them so they can not be sniffed for.

I had not decided if the user database exchange would be done by using
the client as a relay with user info emedded in
user,md5-password-signature components in the session id response
redirect or some Zope to JServ direct handshaking using
ZPatterns-based Membership. Yet another alternative would be the swig
Python interface directly to the object server and Zpatterns.

Hope this helps clarifys things..

Albert Boulanger
aboulanger@vaptch.com



-