[Zope] More CoreSession/Data Container questions

Chris McDonough chrism@zope.com
Tue, 09 Oct 2001 18:48:40 -0400

This is covered a little bit in the docs, but here's the idea:

- the "session id manager" should really be named a "browser id manager" 
(and likely will be when CST is integrated in to Zope).  It is meant to 
attribute a string (a token) to a particular browser on a particular 
computer.  It helps to think of it like stamping each browser with a 
particular id for some period of time.

- the lifetime of a "session" in common terminology (ala 
ASP/servlets/ColdFusion, etc) is really best matched up with the 
lifetime of a "session data object" in CST.  The fact that, when using 
cookies, the browser has the potential to retain its "browser id" (in 
the form of a persistent cookie) is really not meaningful, because the 
original session data object expires and a new one takes its place. 
This is really a "session".

If you want to keep track of "sessions" using a unique key that 
represents the session data object (as opposed to the token), create a 
session onStart method that computes a random id and stick it in the 
session data object itself.  Then in the onEnd method, do your 
summarizing of data associated with that session data object referenced 
by the key.

In short, you're doing the right thing.  Set the cookie lifetime really 
high (not sure what the max is?).  Set the data container timeout to "0" 
(persistent).  This will keep the session data around forever (which is 
probably a bad idea, but we'll ignore that for the moment), and it will 
only become disconnected from the browser when the person deletes the 
CST cookie; when he reinstalls; or when the cookie times out way in the 

Note that it's probably a good idea to have *some* timeout on the 
session data container if you think that cookies will be lost or 
replaced, etc.  Maybe a month or something.

Wow.  Note that it's cool that Mozilla knows what God meant control-K to 
do (emacs/bash delete to end of line).

CJ Kucera wrote:

> I'm wondering about the relationship between the "Data object timeout
> value" in the Data Container and the "Cookie Lifetime" in the Session
> ID Manager.
> I've set the Cookie Lifetime rather high because I want the sessions
> to basically persist forever, but the value in the Data Container is
> determined in minutes, not days, so I'm a bit confused as to how long
> data from a session will actually persist.
> Could someone clarify this for me?
> Thanks once again for all the help!
> -CJ
> WOW: Rapacious           | A priest advised Voltaire on his death bed to
> apocalyptech.com/wow     |  renounce the devil.  Replied Voltaire, "This
> pez@apocalyptech.com     |              is no time to make new enemies."
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )

Chris McDonough                    Zope Corporation
http://www.zope.org             http://www.zope.com
"Killing hundreds of birds with thousands of stones"