[Zope] Determining user from session object - who is logged in?
Gaute Amundsen
gaute at div.org
Thu Oct 13 04:38:35 EDT 2005
That cleared things up nicely.
I will dig into ExuserFolder (which is our standard) a bit more before i
decide.
Thanks :)
Gaute
On Thursday 13 October 2005 10:25, Chris McDonough wrote:
> On Thu, 2005-10-13 at 00:26 +0200, Gaute Amundsen wrote:
> > Well, I know that ther might easily be "login less" sessions,
> > but, is it possible to log have "session less" logins?
>
> Yes. In fact, this is the default for Zope "out of the box". Zope's
> default user folder uses HTTP basic authentication, which doesn't
> require sessions at all. Ditto for applications that use CookieCrumbler
> or user folder implementations that use cookies to store credentials.
>
> Zope does not create a session for every user by default, just because
> not all applications require sessions. It's up to the programmer to
> create use sessions. Usually this just means putting a mention of
> REQUEST.SESSION in one or more of your scripts or views.
>
> > The first case would not be a problem. I expect one could easily detect
> > the lack of userdata, and skip altering the session, and in that case
> > would not an addScript let me solve this without resort to external
> > methods, or product code?
>
> addScript... sure, doing it this way is likely easy for any given
> application. It just can't be solved generally for all applications
> because there's no easily-overrideable "do this at login time" hook
> built in to "stock" Zope (although there are definitely hooks for this
> in PAS and probably in exUserFolder too).
>
> - C
More information about the Zope
mailing list