[Zope] Cookieless Session Management

Chris McDonough chrism@zope.com
08 Apr 2003 10:43:31 -0400


On Mon, 2003-04-07 at 18:31, hpinson@indepthl.com wrote:
> Hi Chris-- thanks for the reference.
> 
> Is there some drawback to using a session model that stores session 
> information in server memory (CookielessSession) as opposed to a URL-
> based" sessioning mechanism, like Zope uses?  

Somehow state needs to be kept between requests to implement
sessioning.  (each request to an HTTP server is "fresh", no state is
kept between them, this is why cookies are often used for sessioning
because they implement a means of tracking state between requests).

I'm not sure how CookielessSession does this, but if it doesn't use
cookies, it likely either uses query strings, hidden form elements, or
URL insertions just like the stock Zope sessioning stuff.

> I don't know if you or anyone else has experience with the 
> CookielessSession Product-- it seems to much easier to use than 
> Zope's mechanism.  It has not failed after two projects (light usage 
> only).  

No, sorry, I don't have any experience with it.  If it works for you,
I'd say use it!