[Zope] Using "Session" to store per-session data.

Anthony Baxter anthony@interlink.com.au
Mon, 13 Sep 1999 13:23:58 +1000


Rather than passing around lots and lots of data as hidden form fields
all the time, I'm planning to extend Scott's Session object to support
storing and retrieving per-Session data.

Issues with this:

In a non-https environment, it would be rather easy to hijack a session by
looking at a cache log. I could store the IP address, but this breaks many
cache farms (where a session may come from different IP addresses...) :(

Is it better to store this in an SQL database, or in the session object
itself? I want this to be preserved in the case where Zope restarts,
which means I can't just use _v_object type variables.

Storing it in the Session object itself means that the ZODB will
grow at a stupid rate. Storing it in an SQL database means a bit of a
performance hit.

Has anyone already implemented something like this?

Thoughts?
Anthony