[Zope-PAS] [RFC] Extending CookieAuthHelper

Tino Wildenhain tino at wildenhain.de
Thu Nov 11 16:30:33 EST 2004

Am Do, den 11.11.2004 schrieb Jens Vagelpohl um 20:20:
> > WRT sessions, it is a goal of mine for Zope 3 sessions that they be 
> > ubiquitous
> > and storable over ZEO. This means that we choose not to write to them 
> > very
> > often. :)  This alows us to *count* on them being there.
> I believe sessions are one of these killer things that is underutilized 
> for various reasons. One possibly being the fact that they seem to 
> require a lot of mind-bending internal logic to do what they are 
> supposed to do (hello Chris ;), and sometimes reliability is a problem 
> due to the complicated internal logic.
> The plugin I am thinking of only writes to the session once, on login, 
> and then compares the incoming session key to retrieve credentials from 
> the session. So it seems quite sessioning-friendly.
Reminder as we spoke on IRC:

use a simple pickelable object, perhaps named

__credentials with attributes username and password

to protect the credentials to be seen by user code,
in tracebacks and from beeing changed by user code.

When you store in a session.


More information about the Zope-PAS mailing list