[Zope] session management

Alexander Staubo alex@mop.no
Mon, 16 Aug 1999 09:11:24 +0200 

How about overloading URL traversal?

Couldn't you write a product which essentially let you embed the session
state in a part of the URL, without touching the actual query string?
Eg., assuming objects /Commerce and /Book, you might have an URL such
as:

 
http://myserver/Commerce/420727498471040a432043f85090/Book/Buy?id=542384
32

Here, the parameter following Commerce is a packed (possibly compressed)
dictionary -- or a key into a server-stored gob of session information.
Since the browser will treat this part of the URL as a parent
collection, there is no need to explicitly pass this information to any
hyperlinks or form targets.

The only problem I see with this scheme is that use of absolute_url()
breaks the acquisition, but this is a small sacrifice to make.

Not having explored the world of traversal overloading in Zope, I
wouldn't know if this is entirely doable -- traversal must support
passing parts of the URL back to the standard traversal engine, that's
the key part.

-- 
Alexander Staubo             http://www.mop.no/~alex/
"QED?" said Russell.
"It's Latin," said Morgan. "It means, 'So there you bastard'."
--Robert Rankin, _Nostramadus Ate My Hamster_

> -----Original Message-----
> From: Anthony Pfrunder [mailto:s341625@student.uq.edu.au]
> Sent: 16. august 1999 06:29
> To: TR Henigson
> Cc: zope@zope.org
> Subject: Re: [Zope] session management
> 
> 
> On Sun, 15 Aug 1999, TR Henigson wrote:
> 
> > Has anyone built an object for managing session information
> > in URL's or with cookies between client requests? Is anyone
> > developing one? If such an object does not exist, how would
> > I best implement session management for an e-commerce app?
> > Thank you.
> 
> I believe that DigiCool will be releasing a Membership 
> component as part
> of the Zope Portel Toolkit (ZPT).  This should implement 
> standard session
> management however, I don't know when this will be released 
> (check the ZPT
> timeline posted a few weeks back, membership is last ;)
> 
> The general way I solve session management depends on what 
> you want to do.
> If you just require a Wizard style 1-2-3-4 steps type session simply
> create a dictionary which is stored in your REQUEST variable,
> packed/unpacked into hidden fields in a hidden form. ie
> 
> # Make a variable in the namespace
> <dtml-var "REQUEST.set(mydict, [dict])">
> 
> <dtml-in REQUEST.FORMS.xx>
> 	# Update it for the hidden elements in your form
> 	<dtml-var "_['mydict'][entry] = _[sequence-item/index]">
> </dtml-in>
> 
> # Do some stuff with mydict[items]
> 
> # Pack up the result for next link
> <dtml-in _['mydict']>
> 	<dtml-var "_['url'] = _['url'] + urlencode(_['sequence-item'],
> _['mydict'][sequence-item])">
> </dtml-in>
> 
> # Store url as link 
> <a href=<dtml-var url>>Next step</a>
> 
> The best way to do this generally is to override url.absolute 
> or some such
> function and wrap all links in it.  This way, all links 
> automagically have
> the session stuff 
> 
> The other way is to use cookies.  Here, you need include a 
> cookie monster
> in each page request.  Refer to DTML guide for info on this.
>  
> Cheers,
> 
> Anthony Pfrunder
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://www.zope.org/mailman/listinfo/zope
> 
> (To receive general Zope announcements, see:
> http://www.zope.org/mailman/listinfo/zope-announce
> 
> For developer-specific issues, zope-dev@zope.org -
> http://www.zope.org/mailman/listinfo/zope-dev )
>