[Grok-dev] Grok, sessions and authentication

Jan-Wijbrand Kolman janwijbrand at gmail.com
Wed Jun 9 11:38:42 EDT 2010


On 6/9/10 17:04 PM, Souheil CHELFOUH wrote:
> Hello grokkers,
>
> I'm currently working on a users/groups system inside Dolmen and I'm
> fighting with the authentication and publishing process, to be able to
> allow certain URLs to bypass the authentication.
> This is, obviously, for public resources retrieving.
>
> Digging into the zope-dev mail logs, I also found reports of problems
> I'm experiencing in Dolmen, involving read-write errors while
> accessing ZODB blobs.
>
> I get logs like :
> 2010-06-09 13:39:27,209 WARNING [ZopePublication] Competing
> writes/reads at SOMEURL: database conflict error (oid 0xfa, class
> dolmen.storage.container.OOBTreeStorage, serial this txn started with
> 0x0386b65fab734455 2010-06-09 10:39:40.183655, serial currently
> committed 0x0386b69b740d2a88 2010-06-09 11:39:27.199554)
>
> It seems it's linked to sessions. So, I'm launching a general buoy for
> the guys out there that have experience with zope3 and auth (Martijn,
> J-W ?). Can you give me some tips in these matters ?

It is linked to sessions indeed. I'm not too experienced with ZODB blobs 
to exactly know how these might interact in this case.

Zope will try to get to the credentials stored in the session for each 
and every request - including resources. Since there will be a lot of 
requests close to each other, read (and sometimes read/write) do occur in 
our applications.

These errors do not necessarily point out problems, it is merely the 
ZODB conflict resolution at work there. If they occur very often though, 
you will want to optimize the parts of your app that cause the conflict.

We (at THA) intend to replace the session based storing of auth 
credentials with a secure cookie-method. This would make - is the idea - 
the hit on the sessions much less.

Another strategy would be to not store the sessions anymore in the main 
ZODB itself, but in a RAM based ZODB storage for example.

This is a quick response, there's much more to say on this topic... I hope 
it is of any help though.

regards, jw
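
Added example, not part of the original message and not THA's or Grok's code: one common way to build the "secure cookie" idea mentioned above is an HMAC-signed cookie that carries only the principal id and an issue time, so each request (resources included) is verified without reading or writing session storage. The key, lifetime and function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a server-side key loaded from configuration. Constructed value.
SECRET = b"constructed-demo-key-do-not-reuse"
MAX_AGE = 3600  # seconds a cookie stays valid (assumed policy)


def encode_id(principal_id):
    """URL-safe base64 of the principal id; the alphabet never contains '.'."""
    return base64.urlsafe_b64encode(principal_id.encode("utf-8")).decode("ascii")


def sign(payload, secret):
    return hmac.new(secret, payload.encode("ascii"), hashlib.sha256).hexdigest()


def issue_cookie(principal_id, now=None, secret=SECRET):
    """Build '<b64 id>.<issued>.<hmac>'. Only the id is stored, never a password."""
    issued = int(time.time() if now is None else now)
    payload = "%s.%d" % (encode_id(principal_id), issued)
    return payload + "." + sign(payload, secret)


def verify_cookie(cookie, now=None, secret=SECRET, max_age=MAX_AGE):
    """Return the principal id, or None if malformed, forged or expired.

    Nothing is looked up or written server-side, so parallel requests for
    page resources cannot conflict on a shared session object.
    """
    try:
        b64_id, issued_s, mac = cookie.split(".")
        expected = sign(b64_id + "." + issued_s, secret)
        # Constant-time comparison, done before the payload is trusted.
        if not hmac.compare_digest(mac.encode("ascii"), expected.encode("ascii")):
            return None
        issued = int(issued_s)
        principal = base64.urlsafe_b64decode(b64_id.encode("ascii")).decode("utf-8")
    except (ValueError, UnicodeError):
        return None
    now = time.time() if now is None else now
    if not 0 <= now - issued <= max_age:
        return None  # expired, or dated in the future
    return principal
```

The cookie itself would still be sent with the Secure and HttpOnly attributes, and a stateless cookie cannot be revoked before it expires unless the key is rotated.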
