[Zope] concurrent logins and Zope

Oliver Bleutgen myzope@gmx.net
Fri, 26 Jul 2002 19:35:02 +0200


Carlo Giomini wrote:


> Oliver, first of all thanks for helping!
>  
> The techniques you suggest are fine, but I would like to get
> rid of cookies as much as possible. 
> 
> With regard to keeping track of multiple sessions inside the *same*
> browser, you mean that unless using hidden form fields there's no way of
> keeping track of multiple sessions on the same machine?
> 
> Let me know, regards,
> 	Carlo.			
> 

Carlo, sorry for replying a little bit late.
In the same browser, pointed to the same server (i.e. the same URI), I 
don't know how one should do that even with cookies.
Somehow, you have to send, on each request, what session you are in. 
Because the browser differentiates what cookies to send by means of the 
URI, I fear there's no way to do that.
Maybe I'm wrong, but I doubt it.
To illustrate, we have to browser windows B1, B2, and a state we want to 
transport to the server, i.e. Session 1 and Session 2 (S1 and S2).
B1 and B2 work on the same URI.

So
1. B1 enters Session 1, does something while sending S1 to the Server
2. B2 enters Session 2, does something while sending S2 to the Server
3. B1 does something, sends S2 to the server, since the URI is the same ;(.

If you use hidden form fields (or parameters tacked to the links, like 
www.server.com/folder1/subfolder2/document_html?session=1) it works.
But that means you'll have to use special crafted links.

Wait, it may be easier if you use javascript.
That way you could perhaps enumerate all links in your page and just add 
the session parameter to the href value.

Short example (manually adapted, so surely wrong)

<dtml-if session_id>
<SCRIPT language="javascript">
for (i=0; i<document.links.length; ++i){
   a = document.links[i];
   a.location.href = a.location.href+"?session=<dtml-var session_id>"
}
</SCRIPT>
</dtml-if>

So adding that to you pages causes zope to deliver this script if the 
session id is set, and the recieving browser executes the script and 
changes all links on the page to include a variable session_id.


HTH,
oliver