[Zope] Determining user from session object - who is logged in?

Chris McDonough chrism at plope.com
Thu Oct 13 04:25:27 EDT 2005


On Thu, 2005-10-13 at 00:26 +0200, Gaute Amundsen wrote:
> Well, I know that ther might easily be "login less" sessions, 
> but, is it possible to log have "session less" logins?

Yes.  In fact, this is the default for Zope "out of the box".  Zope's
default user folder uses HTTP basic authentication, which doesn't
require sessions at all.  Ditto for applications that use CookieCrumbler
or user folder implementations that use cookies to store credentials.

Zope does not create a session for every user by default, just because
not all applications require sessions.  It's up to the programmer to
create use sessions.  Usually this just means putting a mention of
REQUEST.SESSION in one or more of your scripts or views.

> The first case would not be a problem. I expect one could easily detect the 
> lack of userdata, and skip altering the session, and in that case would not 
> an addScript let me solve this without resort to external methods, or product 
> code?

addScript... sure, doing it this way is likely easy for any given
application.  It just can't be solved generally for all applications
because there's no easily-overrideable "do this at login time" hook
built in to "stock" Zope (although there are definitely hooks for this
in PAS and probably in exUserFolder too).

- C





More information about the Zope mailing list