[Zope-dev] core session tracking and zope 2.5 integration

Joseph Wayne Norton norton@alum.mit.edu
Fri, 14 Sep 2001 00:23:38 +0900


Chris -

I'm not sure of your plans for integrating core session tracking with
zope 2.5.  This may be obvious to you but I just realized today how I
would really like to use core session tracking.

I haven't yet investigated the feasability of an implementation. However,
it would be nice to have 3 out-of-the-box choices for acl_users
folders:

  - the current acl_users folder

  - a new acl_users folder with core session tracking support
  (ram-based storage)

  - a new acl_users folder with core session tracking support
  (possibly mounted zeo client storage)

The core session tracking based acl_users folders would hide all of
the details of installing and setting up the current core session
tracking product. By combining this with something like the cookie
crumbler, password-less users authenticated only by session key (user
name equal to the session key) could be automatically created and
expired when the session expires.  The session data could also simply
hang off of the authenticated user object and default roles (or no
roles at all) could be assigned at the user's creation time.  The
session based acl_users folder would behave the same as the current
acl_users folder for users whose expiration time is NONE or less
than zero.

In essence, it would be really helpful to make the core session
tracking product as easy to use (and install) as the REQUEST object.
I need to elaborate more on my thoughts but I thought it would be
worthwhile to ask if something like this is already in the works
before I spend too much investigating how to implement such a acl_user
folder.

thanks,

- joe n.

--
norton@alum.mit.edu
+81-3-3823-5757
2-10-7 Tabata, Kita-ku, Tokyo 114-0014, Japan
$B")(B114-0014  $BEl5~ETKL6hEDC<#2CzL\(B10-7