[Zope] Re: CoreSessionTracking

Chris McDonough chrism@digicool.com
Mon, 16 Apr 2001 14:22:21 -0400 

Hi Uwe,

Thanks for the concise explanation of the problem... I'm cc'ing the Zope
list on this... it's best to keep this stuff on the Zope list because the
message archive helps other folks out (including me! ;-)

I think what's happening here is that the dtml-raise in the middle of the
first snippet of DTML below aborts the ZODB transaction, and so the session
data is never saved...

Is there a way to prompt for authorization without doing a DTML raise?  I've
never used LoginManager...


----- Original Message -----
From: "Uwe C. Schroeder" <Uwe.Schroeder@contrada.de>
To: <chrism@digicool.com>
Sent: Monday, April 16, 2001 1:22 PM
Subject: CoreSessionTracking


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi Chris,

I'm stuck so I write directly to you. Hope that's ok.

I installed the CoreSession (recent version) on an unmodified Zope 2.3.1
installation. I created a session_id_mgr in the root folder. Besides this on
(also in the root folder) i created a session data manager called
SessionManager.

What I'm trying to do is to use the session information in conjunction with
the loginmanager to authenticate users based on session information (this is
a customer necessitiy for some special reason).
In my login dialog i placed the following dtml - code

<:let data="SessionManager.getSessionData(create=1)">
<:call "data.set('Path',PATH_INFO)">
<:call "REQUEST.set('token',SessionManager.getToken(create=0))">
</:let>
<dtml-raise "'LoginRequired'">  <!-- this one needed for loginmanager -->

<:if "SessionManager.isTokenNew()">
<font class="FontWhite">New Token created</font><br>
</:if>
<:let data="SessionManager.getSessionData(create=0)">
<font class="FontWhite"> Path is <:var "data.get('Path')"><br>
<:var "SessionManager.encodeUrl(SCRIPT_NAME)"><br></font>

</:let>

where the lower two <let> constructs are for debugging only and will be
removed later. The both lower constructs output the data set above as
expected.

In the same page is a form for auth. It now looks like

<form method="post"
action="http://tiburon.i.contrada.de:8080/Beta/B_Fachkreise/DocCheckHandler"
>
<input type="hidden" name="<:var "SessionManager.getTokenKey()">"
value="<:var token>">

< Here the rest ot the form >

The object DocCheckHandler gets called as expected and the getToken() method
returns the correct token as expected. BUT - there is no session data object
available. The code of the DocCheckHandler looks like

<dtml-var standard_html_header>
<h2><dtml-var title_or_id> <dtml-var document_title></h2>
<p>
The token is <:var "SessionManager.getToken(create=0)"><br>
<:if "SessionManager.hasSessionData()">
<:let data="SessionManager.getSessionData(create=0)">
Pathinfo: <:var "data.get('Path')"><br>
items: <:var "data.keys()"><br>
</:let>
<:else>
No Data Container
</:if>
</p>
<dtml-var standard_html_footer>

The token gets output as expected, but I never get a data container.
I tried this with internal and external data storage. I never get the
session
data back.

Am I stupid or did I miss something ?

Your help is appreciated

Regards

Uwe C. Schröder

- --
Uwe C. Schröder                                      ConTrada Consultants
Lindenstrasse 15                                     Tel/Fax: +49 8294 80070
D-86477 Adelsried                                    Mobil:   +49 172
8532352
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE62yo+TJbO78VG0aIRApOJAKC8crtHLwSvEU9/ah3htFs1/t7AAQCfca7y
f1lqd6USL/m/dNdUIERI9h4=
=USme
-----END PGP SIGNATURE-----