[Zope] Securly storing variables without session in zope

William Heymann kosh at aesaeion.com
Tue Jun 14 05:11:54 EDT 2011 

On Tuesday 14 June 2011, Jibin K.J wrote:
> Hi,
> 
>  I want to store values in variables to access form another page(a.k.a
> State management). Now I cannot use sessions since I have multiple Zope
> instances & if one fails the user need to be redirected to another Zope
> instance and one session is valid only for one Zope instance. Now my
> remaining options are

You can share the session over zeo between all your zope servers.

in your zeo.conf file you can put

<temporarystorage temp>
    name temporary storage for sessioning
</temporarystorage>

and in your zope.conf put

<zodb_db temporary>
   # Temporary storage database (for sessions)
   cache-size xxxx
    <zeoclient>
        server xxxxxxx
        storage temp
        name session
        var $INSTANCE/var
        cache-size 0
    </zeoclient>
    mount-point /temp_folder
    container-class Products.TemporaryFolder.TemporaryContainer
</zodb_db>


My zopes and zeo are on the same machine and for that I found that setting the 
cache-size to 0 inside zeoclient worked the best

I would also suggest connecting to zeo over a unix domaind socket instead of a 
port for speed and security reasons if zope and zeo are on the same machine.

If you setup a unix domain socket you would set server to 

server /path/to/my.soc

and in the zeo.conf you would do

address $INSTANCE/my.soc

call it whatever you want

At that points sessions will be shared over zeo. I have been using this for 
over a year now without a single problem. 

Also with this design you can restart your zope servers and as long as the zeo 
server running the session stuff remains running you lose no session data.

What I do is not bind any visitor to any zope server at all. I have nginx 
running in front of 4 zope servers doing load balancing and requests get 
distributed to all zope servers and the session is shared over zeo. For my 
setup this gave the best performance and reliability. That way there is no 
need to worry about setting up sticky sessions, you can restart any instance 
at any time with no interruptions.

More information about the Zope mailing list