[Zope] keeping Java Servlets session ids based on url rewriti
Sun, 10 Sep 2000 13:32:36 -0400
Thanks for the clarifications...
> We use servlets for java to java com between applets and the
> server. Inside, the servlets communicates to C++ based servers for
> objects and events. Servlet sessions are used to help ensure
> for the object and event servers. User database is also stored in the
> object repository. Getting the session id for the servlet back into
> Zope (I was going to store it in a SQLSession object.) was the reason
> for preserving the ;<sessionid> from a response redirect generated by
> servlet. All pages with applets would be written with the servlet
> session ID as a parameter. We were going to use https for anything
> with session ids in them so they can not be sniffed for.
OK, I think I understand... you need to keep using the servlets-style
URL-rewriting because you serve Java applets that make use of
sessionids, and you may want to serve these from Zope.
I've done a little poking around in ZPublisher's HTTPRequest.py and
BaseRequest.py and I don't think that's where the ';*' gets stripped. I
can't find *where* it gets stripped. It must be possible to make Zope
de-ignore things split on a ";", but right now I can't find out where to
> I had not decided if the user database exchange would be done by using
> the client as a relay with user info emedded in
> user,md5-password-signature components in the session id response
> redirect or some Zope to JServ direct handshaking using
> ZPatterns-based Membership. Yet another alternative would be the swig
> Python interface directly to the object server and Zpatterns.
From what little I know about Java servlets, I believe it keeps all the
session objects in separate files within a directory on servlet's
server's filesystem. Are they in an opaque format? Are they named with
the sessionid? Maybe you could let Zope peek at these.
> Hope this helps clarifys things..
> Albert Boulanger