[Zope] How to touch session_data without fingerprints???
Chris McDonough
chrism@zope.com
Fri, 19 Jul 2002 00:43:51 -0400
A fix has been checked in to the Zope trunk.
----- Original Message -----
From: "Chris McDonough" <chrism@zope.com>
To: "Pawel Lewicki" <lewicki@provider.pl>; <zope@zope.org>
Sent: Thursday, July 18, 2002 11:57 PM
Subject: Re: [Zope] How to touch session_data without fingerprints???
> You have found a bug. :-(
>
> What hasSessionData does is just return "not not
> getSessionData(create=0)" (which returns either 1 or 0 depending on
> whether getSessionData returns a session data object).
>
> The problem with this is that the "create" flag doesn't mean "dont
> create a session data object", it means "dont assign a browser id".
> If the user coming in already has a browser id cookie, a session
data
> object will nonetheless be created as a result of hasSessionData.
:-(
>
> A workaround for now is (maybe in an external method) to use the
> _hasSessionDataObject method of the session data manager, which
takes
> a single parameter, "key". The key should be the user's browser id,
> which can be obtained by calling the getBrowserId method of the
> browser id manager with the parameter "create=0".
> If the user has no browser id, of course you can't call
> _hasSessionDataObject, and it's safe to assume that he has no
session
> data object.
>
> I will fix this for 2.6 so that hasSessionData calls
> _hasSessionDataObject instead of getSessionData, thus avoiding the
> creation of a new session data object, but your workaround code will
> continue to work. Apologies for the screwup.
>
> Thanks,
>
> - C
>
> ----- Original Message -----
> From: "Pawel Lewicki" <lewicki@provider.pl>
> To: <zope@zope.org>
> Sent: Thursday, July 18, 2002 10:43 PM
> Subject: [Zope] How to touch session_data without fingerprints???
>
>
> > Hallo,
> > I want to transparently touch the session_data. When I call
> functions like
> > REQUEST.SESSION.hasSessionData() or getSessionData(create=0) I
> create the
> > new object in transient object container. Is there any way to
avoid
> it and
> > check if session object exists? Or if not - how to delete only my
> session
> > object from container? I can use external functions if necessary.
> > All the fuss is about counting logged users. I want to limit that
> number,
> > and I do it by counting the number of session objects - already
> done. The
> > problem is that I can't check the number without increasing it :(
> Maybe
> > there is other way.
> >
> > Pawel Lewicki
> >
> >
> >
> > _______________________________________________
> > Zope maillist - Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > ** No cross posts or HTML encoding! **
> > (Related lists -
> > http://lists.zope.org/mailman/listinfo/zope-announce
> > http://lists.zope.org/mailman/listinfo/zope-dev )
> >
>
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>