[Zope] How to touch session_data without fingerprints???

Pawel Lewicki lewicki@provider.pl
Fri, 19 Jul 2002 19:38:23 +0200


----- Original Message -----
From: "Chris McDonough" <chrism@zope.com>
To: "Pawel Lewicki" <lewicki@provider.pl>; <zope@zope.org>
Sent: Friday, July 19, 2002 5:57 AM
Subject: Re: [Zope] How to touch session_data without fingerprints???


> You have found a bug.  :-(
>
> What hasSessionData does is just return "not not
> getSessionData(create=0)" (which returns either 1 or 0 depending on
> whether getSessionData returns a session data object).
>
> The problem with this is that the "create" flag doesn't mean "dont
> create a session data object", it means "dont assign a browser id".
> If the user coming in already has a browser id cookie, a session data
> object will nonetheless be created as a result of hasSessionData. :-(
>
> A workaround for now is (maybe in an external method) to use the
> _hasSessionDataObject method of the session data manager, which takes
> a single parameter, "key".  The key should be the user's browser id,
> which can be obtained by calling the getBrowserId method of the
> browser id manager with the parameter "create=0".
> If the user has no browser id, of course you can't call
> _hasSessionDataObject, and it's safe to assume that he has no session
> data object.

I'm not sure if it will help. Each simple touch of the session object
results in creation of the new entry in temp_folder/session_data. I didn't
realize that it happens even in my function counting its elements.  :((( If
anybody had any idea how to avoid I would be grateful. If not I will have to
forget about sessions and program registration method (but how to check
logouts by cookies expiration :(

Pawel Lewicki