[Zope] How to touch session_data without fingerprints???

Chris McDonough chrism@zope.com
Thu, 18 Jul 2002 23:57:27 -0400


You have found a bug.  :-(

What hasSessionData does is just return "not not
getSessionData(create=0)" (which returns either 1 or 0 depending on
whether getSessionData returns a session data object).

The problem with this is that the "create" flag doesn't mean "dont
create a session data object", it means "dont assign a browser id".
If the user coming in already has a browser id cookie, a session data
object will nonetheless be created as a result of hasSessionData. :-(

A workaround for now is (maybe in an external method) to use the
_hasSessionDataObject method of the session data manager, which takes
a single parameter, "key".  The key should be the user's browser id,
which can be obtained by calling the getBrowserId method of the
browser id manager with the parameter "create=0".
If the user has no browser id, of course you can't call
_hasSessionDataObject, and it's safe to assume that he has no session
data object.

I will fix this for 2.6 so that hasSessionData calls
_hasSessionDataObject instead of getSessionData, thus avoiding the
creation of a new session data object, but your workaround code will
continue to work.  Apologies for the screwup.

Thanks,

- C

----- Original Message -----
From: "Pawel Lewicki" <lewicki@provider.pl>
To: <zope@zope.org>
Sent: Thursday, July 18, 2002 10:43 PM
Subject: [Zope] How to touch session_data without fingerprints???


> Hallo,
> I want to transparently touch the session_data. When I call
functions like
> REQUEST.SESSION.hasSessionData() or getSessionData(create=0) I
create the
> new object in transient object container. Is there any way to avoid
it and
> check if session object exists? Or if not - how to delete only my
session
> object from container? I can use external functions if necessary.
> All the fuss is about counting logged users. I want to limit that
number,
> and I do it by counting the number of  session objects - already
done. The
> problem is that I can't check the number without increasing it :(
Maybe
> there is other way.
>
> Pawel Lewicki
>
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>