[Zope-PAS] Re: [RFC] Extending CookieAuthHelper

Tres Seaver tseaver at zope.com
Fri Nov 12 09:40:37 EST 2004

Jens Vagelpohl wrote:

> Yes, that's a good point and I have thought about it myself. There is 
> two items that need to be clened up, come to think of it. On the one 
> hand you have a session, but then there's also a cookie. I'm not sure 
> yet if I want to re-use the standard sessioning cookie or set my own. I 
> need to look at how the timeouts in these items are handled by the 
> standard sessioning machinery.

If you plan to use sessions, you should just rely on the single browser 
ID cookie which Zope's browser_id_manager gives you already.  There is 
no reason to expire that cookie, ever.

Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com

More information about the Zope-PAS mailing list