[Zope] Problem with Cookieless Sessions on Mozilla and Netscape

Chris McDonough chrism@zope.com
Thu, 25 Jul 2002 18:12:24 -0400 

Hi Mark,

Mark Bucciarelli wrote:
> Thanks for your help.  I wasn't using the encodeUrl method.  I was hoping that 
> setting the browser_id_manager to "Cookies then form" should (somehow) do 
> this transparently, and I had to tweak some setting.

Kapil Thangavelu's URLSessionAdapter at 
http://www.zope.org/Members/k_vertigo/Products/URLSessionAdapter might 
help you here.
It performs URL-encoding automatically.  I hope to roll this idea into a 
later revision of the sessioning stuff, but for now encodeUrl and 
Kapil's thing is all we've got.

> 
> I read the encodeUrl API, and I see how that can help.  Is the basic idea that 
> the request object needs to have a _ZopeId dictionary element defined?

That's right.  Well, a better way to put it would be that the sessioning 
machinery needs to be able to find a variable named '_ZopeId' in the 
request object via a call to REQUEST.get('_ZopeId'), whether this 
variable is in the cookies namespace or the form namespace or wherever.

> Now, how can I make all my links have that suffix?  For example, is there a 
> way parse the response just before it heads back to the client and append a 
> "?_ZopeId=asdf" all href attributes?

No, if you want to use encodeURL, you'll need to encode "clickable" URLs 
by hand in your rendered pages.  For example:

<a href="<dtml-var 
"browser_id_manager.encodeUrl('http://www.zope.org')">">Zope.org</a>

This will produce something like this when it's rendered:

<a href="http://www.zope.org?_ZopeId=78978612367812678">Zope.org</a>

> I suppose one way would be to make sure every ZPT and python script checks the 
> request for _ZopeID and, if found, sticks it into the response.

No, this won't work because HTTP doesn't work that way.  Each request is 
separate, and values you set in the RESPONSE (other thank cookies) are 
lost on the next request.  If the user doesn't have cookies enabled, 
each link needs to have the browser id encoded into the URL and each 
form needs to include a hidden form field in the form:

<input type="hidden" name="<dtml-var 
"browser_id_manager.getBrowserIdName()">"> value="<dtml-var 
"browser_id_manager.getBrowserId()">">

HTH,

-- 
Chris McDonough                    Zope Corporation
http://www.zope.org             http://www.zope.com
"Killing hundreds of birds with thousands of stones"