[Zope] Cookie Crumbler vs. Session data

Sun, 25 Aug 2002 20:54:19 -0700

I have been trying to do exactly what you want with my custom 
user-folder and Zope Sessions and CookieCrumbler however there is one 
major problem as mentioned in:

<thanks to Chris McD..>

http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx
and search for " Using Session onAdd and onDelete Events".

According to this the way Session expiry works there is no guarantee 
that the user you are logging out on expiry of a session is the same 
user who created the session.

So if you figure out how to do that... pls let me know too...
AM

Andy Dustman wrote:

>On Sun, 2002-08-25 at 22:43, Chris McDonough wrote:
>
>>There's this:
>>
>>http://www.zope.org/Members/levi/SessionUserFolder
>>
>
>I saw that, but it didn't seem suitable on it's own. What I needed was a
>cross between the SimpleUserFolder and CookieCrumbler and
>SessionUserFolder. I sent a patch to zope-cmf that gives CookieCrumbler
>a little more functionality (getAuthCookie), enough to handle storing
>the authentication data in the session data. There's one little bug in
>there that's easily fixed (back out changes to delRequestVar).
>

-- 
==================================================================
 Aseem Mohanty							   
 Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706 
 (R) 510 7696011 (M) 510 3014871 (O) 510 5279231		  	
==================================================================								  	
 "I saw `cout' being shifted "Hello world" times to the left and  
  stopped right there!!"                        -- Steve Gonedes  
================================================================== 