[Zope] Core Session Tracking 0.9 Released

Paz paz@chello.nl
Fri, 5 Oct 2001 17:43:26 +0200

I can vote for CST. I've used it for 3 months now in the prior version
(just upgraded today) for an online shop. It works much better than what
we used before SQLSession (had it for about 9 months) and seems lighter.
We also started having problems that somehow the SQLSession had weird
transaction management of its own and it would stall my database. I'm
sure its my fault somewhere, but moving to CST was a faster solution it
turned out.

 I note in my logs that people who refuse the cookie will jump sessions
per request (though same in SQLSes), but seems to maintain all session
data that I use for the whole site workings. It becomes very usefull for
securing writes to a database and applying logic to data operations. You
can gate applications easily with session switches used in the dtml. It
can only be accessed by the session and no request (unless you want it)
can affect its value. I enforce all of my sessions again in SQL (why I
liked SQL Session so much) so I can do checks against IP to ensure

Our site is at http://www.oratrix.com please feel free to check it out.
We are also a python based shop for SMIL.

Regards and good luck,
Paul Zwarts

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of
Schmidt, Allen J.
Sent: Friday, October 05, 2001 1:56 PM
To: 'chrism@zope.com'
Cc: 'zope@zope.org'
Subject: RE: [Zope] Core Session Tracking 0.9 Released

I HATE OUTLOOK (sometimes...)
Silesion is the spell-checked replacement for SQLSession...

Hey Chris,

We have just started using SQLSession recently and will soon be using
Sessions from it site-wide. It was dirt easy to setup and start using.
you offer any comparisons to it and CST inn terms of ease of
use, management, etc.? It would be nice to see the comparisons from an
expert before we dive into SQLSession big time! I would hate to have to
it all 6 months down the road.

ANYTHING you or anyone else can offer on this topic or on using Zope
Sessions is MUCH appreciated!



-----Original Message-----
From: Chris McDonough [mailto:chrism@digicool.com]
Sent: Friday, October 05, 2001 2:31 AM
To: zope@zope.org; zope-announce@zope.org
Subject: [Zope] Core Session Tracking 0.9 Released

Hi Folks,

A new version of the Core Session Tracking product (the first one in six

months!) has been released.  Core Session Tracking is a Product which 
allows you to easily associate transient data with anonymous users.

The product is available from 
http://www.zope.org/Members/mcdonc/Products/CoreSessionTracking.  To 
upgrade from prior releases, just remove the "old" CoreSessionTracking 
product directory and install this one as per the install instructions 
in the help/CoreSessionTracking.stx document.

A list of changes since the last version is:

   - Took advantage of securityinfo module and new BTrees modules.  As
     a result, CST 0.9 is incompatible with releases of Zope prior to
     Zope 2.3.2.

   - Objects are now acquisition-unwrapped before being placed into
     session storage (thanks to Matt Hamilton)

   - A SessionData object's __setitem__ may now be called from a
     Python Script, it failed previously with a security error.

   - Fixed bug in SessionDataManager security assertions which
     made it impossible to change security parameters (thanks to
     Uwe C. Schroeder).

   - Fixed constructor number of parameter bugs (thanks to Chris

   - Fixed bugs that made isTokenFromForm, isTokenFromCookie, and
     isTokenNew methods virtually useless (thanks to Frank Tegtmeyer).

   - added flushTokenCookie method, which deletes the token cookie from
     the client browser with prejudice.  This method is useful when
     you want to start out completely fresh with a different token.

   - Fixed bug which caused a "TypeError: loop over non-sequence" at
     startup under Zope 2.4.X in the Interfaces module which caused
     the product to not be initialized properly. (Thanks to Chris
     Withers and Joachim Werner).

   - Added multithread test cases to testSessionDataManager.

   - SessionFanout _getleaf method made more efficient by making
     allowed_hashes a dictionary (thanks to Anthony Baxter).

   - Added 'getName' alias to SessionData's 'getId' method for
     compatibility with code written for SQLSession (thanks to
     Anthony Baxter).

   - SessionDataContainer keys are now required to be strings
     (thanks to Anthony Baxter).

   - Added a new method to SessionDataManagers, "getSessionDataByKey",
     which provides a way to obtain an arbitrary session data object
     by feeding it a key (as opposed to getSessionData, which always
     obtained the session data object related to the current token).
     A user needs to possess a special permission to be able to do this.

   - Added conflict resolution to (RAM-based, internal) SessionStorage.

   - Made internal data container use "LowConflictConnection" class for
     its ZODB connections.  This class operates differently than the
     standard Connection class because it doesn't raise "read" conflict

   - Removed "AutoExpireMapping" class and merged its functionality into

   - Removed "SessionFanout" module (unecessary because we're not trying
     to support pre-2.3.2 Zopes).

   - Refactored tests slightly.

   - Added SessioningPermissions and common modules.


Chris McDonough                    Zope Corporation
http://www.zope.org             http://www.zope.com
"Killing hundreds of birds with thousands of stones"

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )