[Zope-Annce] Core Session Tracking 0.9 Released

Chris McDonough chrism@zope.com
Fri, 05 Oct 2001 02:31:07 -0400

Hi Folks,

A new version of the Core Session Tracking product (the first one in six 
months!) has been released.  Core Session Tracking is a Product which 
allows you to easily associate transient data with anonymous users.

The product is available from 
http://www.zope.org/Members/mcdonc/Products/CoreSessionTracking.  To 
upgrade from prior releases, just remove the "old" CoreSessionTracking 
product directory and install this one as per the install instructions 
in the help/CoreSessionTracking.stx document.

A list of changes since the last version is:

   - Took advantage of securityinfo module and new BTrees modules.  As
     a result, CST 0.9 is incompatible with releases of Zope prior to
     Zope 2.3.2.

   - Objects are now acquisition-unwrapped before being placed into
     session storage (thanks to Matt Hamilton)

   - A SessionData object's __setitem__ may now be called from a
     Python Script, it failed previously with a security error.

   - Fixed bug in SessionDataManager security assertions which
     made it impossible to change security parameters (thanks to
     Uwe C. Schroeder).

   - Fixed constructor number of parameter bugs (thanks to Chris

   - Fixed bugs that made isTokenFromForm, isTokenFromCookie, and
     isTokenNew methods virtually useless (thanks to Frank Tegtmeyer).

   - added flushTokenCookie method, which deletes the token cookie from
     the client browser with prejudice.  This method is useful when
     you want to start out completely fresh with a different token.

   - Fixed bug which caused a "TypeError: loop over non-sequence" at
     startup under Zope 2.4.X in the Interfaces module which caused
     the product to not be initialized properly. (Thanks to Chris
     Withers and Joachim Werner).

   - Added multithread test cases to testSessionDataManager.

   - SessionFanout _getleaf method made more efficient by making
     allowed_hashes a dictionary (thanks to Anthony Baxter).

   - Added 'getName' alias to SessionData's 'getId' method for
     compatibility with code written for SQLSession (thanks to
     Anthony Baxter).

   - SessionDataContainer keys are now required to be strings
     (thanks to Anthony Baxter).

   - Added a new method to SessionDataManagers, "getSessionDataByKey",
     which provides a way to obtain an arbitrary session data object
     by feeding it a key (as opposed to getSessionData, which always
     obtained the session data object related to the current token).
     A user needs to possess a special permission to be able to do this.

   - Added conflict resolution to (RAM-based, internal) SessionStorage.

   - Made internal data container use "LowConflictConnection" class for
     its ZODB connections.  This class operates differently than the
     standard Connection class because it doesn't raise "read" conflict

   - Removed "AutoExpireMapping" class and merged its functionality into

   - Removed "SessionFanout" module (unecessary because we're not trying
     to support pre-2.3.2 Zopes).

   - Refactored tests slightly.

   - Added SessioningPermissions and common modules.


Chris McDonough                    Zope Corporation
http://www.zope.org             http://www.zope.com
"Killing hundreds of birds with thousands of stones"