[Zope] why two session identifiers?

Chris McDonough chrism@zope.com
Mon, 5 Aug 2002 14:31:15 -0400


>('SESSION', id: 10285673650225743670, token: 75320603A0aaJWubl-Y,
>contents: [])
>
>Now, it happens that the 'token' field and the browser id have the
same
>value (75320603A0aaJWubl-Y), so I wonder why should there be the
'token'
>field at all: isn't it redundant? On the other hand, if "browser
id" and
>"token" are conceptually to be kept distinguished, why do they have
the >same
>value? And, again, what's the 'token' field intended for?

The "token" is the browser id.  The "id" is the session id.  The
__repr__ of a session data object prints out the browser id as
"token" for "hysterical raisins".  Printing the value of "token" is
not redundant, it's just misnamed.  It should really label it
"browser id".  This could be considered a bug if you're super-picky.
;-)

>??? If this is so (i.e. if the session id is not stored or seen on
the
>client in any way), what about the
>id: 10285673650225743670
>key-value pair contained in the cookie sent to the client browser?
>Please, explain further on.

There is no such key value pair in the actual cookie sent to the
browser, you're mistaken.  The cookie only contains the browser id.
You can check this if you like by examining a browser id cookie on
your filesystem.

HTH,

- C