[Zope-dev] Session requirements

Phillip J. Eby pje@telecommunity.com
Thu, 30 Mar 2000 13:08:50 -0500


At 10:57 AM 3/30/00 -0500, Andrew M. Kuchling wrote:
>I've started writing up some requirements for session tracking in
>Zope; comments (or discussion on this list) are welcomed.
>
>http://starship.python.net/crew/amk/zope/sess-req.html
>
>The proposed interface is only described in very rough notes, and I
>don't yet consider it finished; don't pay too much attention to it at
>this point (though comment on it if you like).

Comments/suggestions:

* Seperate management of a session *key* from management of session
content, thus allowing seperate "applications" to manage app-specific data
in a meaningful way.  Let a SessionManager (which operates as part of a
traversal into a part of the site), handle creating a SESSION_ID key in the
REQUEST.

* Use the Implementor/Rack pattern to store session data.  Asking the
application's ISession implementor for a session with the SESSION_ID key
would create it if need be.  Also, using Implementor/Rack would allow
attachment of arbitrary property sheets to session objects, each storing
their data in different places if desired/required.

These approaches don't directly solve all of the issues you bring up, but
they avoid making the definition of session too much like an ASP Session
object, which IMHO is too CGI-like and feature-poor.