[Zope] why two session identifiers?

Chris McDonough chrism@zope.com
Mon, 5 Aug 2002 12:55:55 -0400


There is a "browser id".  This is the id assigned to the user's
browser.   It is stored in the cookie that is set on the user's
browser (if you use cookies in sessioning). You can obtain this
value by using REQUEST.SESSION.getContainerKey() or
REQUEST.SESSION.getBrowserIdManager().getBrowserId().  It uniquely
identifies a single browser.

There is a "session id".  This is the id assigned to a user's
session data object.  You can obtain this value by using
REQUEST.SESSION.getId().  This identifier uniquely identifies a
single session by a browser.

A session (and therefore a session id) lasts until the session times
out due to inactivity, typically after 20 minutes of inactivity.
However, a browser id can last for almost as long as you want.  For
example, if you use cookies, you could have the sessioning machinery
cookie timeout set to 2038 or something, and assuming the user never
clears his cookies, and uses the same machine until 2038, he will
always have the same browser id.  During his visits to the site,
however, he will have many sessions, each with its own id.

The session id is not stored or seen on the client in any way, just
the browser id.

HTH,

- C






----- Original Message -----
From: "Mario Bianchi" <kammamuri_mb@hotmail.com>
To: <zope@zope.org>
Sent: Monday, August 05, 2002 12:40 PM
Subject: [Zope] why two session identifiers?


> Dear list,
> could anybody tell me why the Session product assigns a session id
AND a
> session token to a session?
> I've noticed that expiration of the session data object causes (on
a further
> request) the session id to change, while the token stays the same:
any
> explications?
>
> Thanks,
> Mario.
>
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>