[Zope-Checkins] CVS: Zope/lib/python/Products/Sessions - BrowserIdManager.py:1.4 SessionDataManager.py:1.11 SessionInterfaces.py:1.5 SessionPermissions.py:1.3

Chris McDonough chrism@zope.com
Sat, 17 Nov 2001 11:08:11 -0500


Update of /cvs-repository/Zope/lib/python/Products/Sessions
In directory cvs.zope.org:/tmp/cvs-serv27973

Modified Files:
	BrowserIdManager.py SessionDataManager.py SessionInterfaces.py 
	SessionPermissions.py 
Log Message:
As per suggestions by Amos, I changed the terminology used by the browser id manager and session data manager.  Previous to the change, browser ids were known as "tokens".  I've changed this to "browser id" in the docs as well as in all API methods that used the name "token".  Interfaces, permissions, and help have been updated with the changes.


=== Zope/lib/python/Products/Sessions/BrowserIdManager.py 1.3 => 1.4 ===
 b64_untrans = string.maketrans('-.', '+/')
 
-badtokenkeycharsin = re.compile('[\?&;, ]').search
+badidnamecharsin = re.compile('[\?&;, ]').search
 badcookiecharsin = re.compile('[;, ]').search
 twodotsin = re.compile('(\w*\.){2,}').search
 
@@ -105,16 +105,12 @@
 ADD_BROWSER_ID_MANAGER_PERM="Add Browser ID Manager"
 
 def constructBrowserIdManager(
-    self, id, title='', tokenkey='_ZopeId', cookiepri=1, formpri=2,
-    urlpri=0, cookiepath='/', cookiedomain='', cookielifedays=0,
-    cookiesecure=0, REQUEST=None
+    self, id, title='', idname='_ZopeId', location='cookiethenform',
+    cookiepath='/', cookiedomain='', cookielifedays=0, cookiesecure=0,
+    REQUEST=None
     ):
     """ """
-    # flip dictionary and take what's not 0 (god I hate HTML)
-    d = {}
-    for k,v in {'url':urlpri, 'form':formpri, 'cookies':cookiepri}.items():
-        if v: d[v] = k
-    ob = BrowserIdManager(id, title, tokenkey, d, cookiepath,
+    ob = BrowserIdManager(id, title, idname, location, cookiepath,
                           cookiedomain, cookielifedays, cookiesecure)
     self._setObject(id, ob)
     ob = self._getOb(id)
@@ -148,152 +144,124 @@
 
     icon = 'misc_/Sessions/idmgr.gif'
 
-    def __init__(
-        self, id, title='', tokenkey='_ZopeId',
-        tokenkeynamespaces={1:'cookies',2:'form'}, cookiepath=('/'),
-        cookiedomain='', cookielifedays=0, cookiesecure=0, on=1
-        ):
-
-        self.id = id
-        self.title = title
-        self.setTokenKey(tokenkey)
-        self.setTokenKeyNamespaces(tokenkeynamespaces)
+    def __init__(self, id, title='', idname='_ZopeId',
+                 location='cookiesthenform', cookiepath=('/'),
+                 cookiedomain='', cookielifedays=0, cookiesecure=0):
+        self.id = str(id)
+        self.title = str(title)
+        self.setBrowserIdName(idname)
+        self.setBrowserIdLocation(location)
         self.setCookiePath(cookiepath)
         self.setCookieDomain(cookiedomain)
         self.setCookieLifeDays(cookielifedays)
         self.setCookieSecure(cookiesecure)
-        if on:
-            self.turnOn()
-        else:
-            self.turnOff()
 
-    # delegating methods follow
-    # don't forget to change the name of the method in
-    # delegation if you change a delegating method name
-
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'hasToken')
-    def hasToken(self):
-        """ Returns true if there is a current browser token, but does
-        not create a browser token for the current request if one doesn't
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'hasBrowserId')
+    def hasBrowserId(self):
+        """ Returns true if there is a current browser id, but does
+        not create a browser id for the current request if one doesn't
         already exist """
-        if not self.on:
-            return self._delegateToParent('hasToken')
-        if self.getToken(create=0): return 1
+        if self.getBrowserId(create=0): return 1
                 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'getToken')
-    def getToken(self, create=1):
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserId')
+    def getBrowserId(self, create=1):
         """
-        Examines the request and hands back browser token value or
-        None if no token exists.  If there is no browser token
+        Examines the request and hands back browser id value or
+        None if no id exists.  If there is no browser id
         and if 'create' is true, create one.  If cookies are are
-        an allowable id key namespace and create is true, set one.  Stuff
-        the token and the namespace it was found in into the REQUEST object
-        for further reference during this request.  Delegate this call to
-        a parent if we're turned off.
+        an allowable id namespace and create is true, set one.  Stuff
+        the id and the namespace it was found in into the REQUEST object
+        for further reference during this request.
         """
-        if not self.on:
-            return self._delegateToParent('getToken', create)
         REQUEST = self.REQUEST
-        # let's see if token has already been attached to request
-        token = getattr(REQUEST, 'browser_token_', None)
-        if token is not None:
+        # let's see if bid has already been attached to request
+        bid = getattr(REQUEST, 'browser_id_', None)
+        if bid is not None:
             # it's already set in this request so we can just return it
             # if it's well-formed
-            if not self._isAWellFormedToken(token):
+            if not self._isAWellFormedBrowserId(bid):
                 # somebody screwed with the REQUEST instance during
                 # this request.
                 raise BrowserIdManagerErr, (
-                    'Ill-formed token in REQUEST.browser_token_:  %s' % token
+                    'Ill-formed browserid in REQUEST.browser_id_:  %s' % bid
                     )
-            return token
-        # fall through & ck id key namespaces if token is not in request.
-        tk = self.token_key
-        ns = self.token_key_namespaces
+            return bid
+        # fall through & ck id namespaces if bid is not in request.
+        tk = self.browserid_name
+        ns = self.browserid_namespaces
         for name in ns:
-            token = getattr(REQUEST, name).get(tk, None)
-            if token is not None:
-                # hey, we got a token!
-                if self._isAWellFormedToken(token):
-                    # token is not "plain old broken"
-                    REQUEST.browser_token_ = token
-                    REQUEST.browser_token_ns_ = name
-                    return token
-        # fall through if token is invalid or not in key namespaces
+            bid = getattr(REQUEST, name).get(tk, None)
+            if bid is not None:
+                # hey, we got a browser id!
+                if self._isAWellFormedBrowserId(bid):
+                    # bid is not "plain old broken"
+                    REQUEST.browser_id_ = bid
+                    REQUEST.browser_id_ns_ = name
+                    return bid
+        # fall through if bid is invalid or not in namespaces
         if create:
-            # create a brand new token
-            token = self._getNewToken()
+            # create a brand new bid
+            bid = self._getNewBrowserId()
             if 'cookies' in ns:
-                self._setCookie(token, REQUEST)
-            REQUEST.browser_token_ = token
-            REQUEST.browser_token_ns_ = None
-            return token
+                self._setCookie(bid, REQUEST)
+            REQUEST.browser_id_ = bid
+            REQUEST.browser_id_ns_ = None
+            return bid
         # implies a return of None if:
         # (not create=1) and (invalid or ((not in req) and (not in ns)))
 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'flushTokenCookie')
-    def flushTokenCookie(self):
-        """ removes the token cookie from the client browser """
-        if not self.on:
-            return self._delegateToParent('flushToken')
-        if 'cookies' not in self.token_key_namespaces:
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'flushBrowserIdCookie')
+    def flushBrowserIdCookie(self):
+        """ removes the bid cookie from the client browser """
+        if 'cookies' not in self.browserid_namespaces:
             raise BrowserIdManagerErr,('Cookies are not now being used as a '
-                                       'browser token key namespace, thus '
-                                       'the token cookie cannot be flushed.')
+                                       'browser id namespace, thus the '
+                                       'browserid cookie cannot be flushed.')
         self._setCookie('deleted', self.REQUEST, remove=1)
 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'isTokenFromCookie')
-    def isTokenFromCookie(self):
-        """ returns true if browser token is from REQUEST.cookies """
-        if not self.on:
-            return self._delegateToParent('isTokenFromCookie')
-        if not self.getToken(): # make sure the token is stuck on REQUEST
-            raise BrowserIdManagerErr, 'There is no current browser token.'
-        if getattr(self.REQUEST, 'browser_token_ns_') == 'cookies':
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromCookie')
+    def isBrowserIdFromCookie(self):
+        """ returns true if browser id is from REQUEST.cookies """
+        if not self.getBrowserId(): # make sure the bid is stuck on REQUEST
+            raise BrowserIdManagerErr, 'There is no current browser id.'
+        if getattr(self.REQUEST, 'browser_id_ns_') == 'cookies':
             return 1
 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'isTokenFromForm')
-    def isTokenFromForm(self):
-        """ returns true if browser token is from REQUEST.form """
-        if not self.on:
-            return self._delegateToParent('isTokenFromForm')
-        if not self.getToken(): # make sure the token is stuck on REQUEST
-            raise BrowserIdManagerErr, 'There is no current browser token.'
-        if getattr(self.REQUEST, 'browser_token_ns_') == 'form':
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromForm')
+    def isBrowserIdFromForm(self):
+        """ returns true if browser id is from REQUEST.form """
+        if not self.getBrowserId(): # make sure the bid is stuck on REQUEST
+            raise BrowserIdManagerErr, 'There is no current browser id.'
+        if getattr(self.REQUEST, 'browser_id_ns_') == 'form':
             return 1
 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'isTokenNew')
-    def isTokenNew(self):
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdNew')
+    def isBrowserIdNew(self):
         """
-        returns true if browser token is 'new', meaning the token exists
+        returns true if browser id is 'new', meaning the id exists
         but it has not yet been acknowledged by the client (the client
         hasn't sent it back to us in a cookie or in a formvar).
         """
-        if not self.on:
-            return self._delegateToParent('isTokenNew')
-        if not self.getToken(): # make sure the token is stuck on REQUEST
-            raise BrowserIdManagerErr, 'There is no current browser token.'
+        if not self.getBrowserId(): # make sure the id is stuck on REQUEST
+            raise BrowserIdManagerErr, 'There is no current browser id.'
         # ns will be None if new, negating None below returns 1, which
         # would indicate that it's new on this request
-        return not getattr(self.REQUEST, 'browser_token_ns_')
+        return not getattr(self.REQUEST, 'browser_id_ns_')
     
     security.declareProtected(ACCESS_CONTENTS_PERM, 'encodeUrl')
     def encodeUrl(self, url, create=1):
         """
-        encode a URL with the browser key as a postfixed query string
+        encode a URL with the browser id as a postfixed query string
         element
         """
-        if not self.on:
-            return self._delegateToParent('encodeUrl', url)
-        token = self.getToken(create)
-        if token is None:
-            raise BrowserIdManagerErr, 'There is no current browser token.'
-        key = self.getTokenKey()
+        bid = self.getBrowserId(create)
+        if bid is None:
+            raise BrowserIdManagerErr, 'There is no current browser id.'
+        name = self.getBrowserIdName()
         if '?' in url:
-            return '%s&%s=%s' % (url, key, token)
+            return '%s&%s=%s' % (url, name, bid)
         else:
-            return '%s?%s=%s' % (url, key, token)
-
-    # non-delegating methods follow
+            return '%s?%s=%s' % (url, name, bid)
 
     security.declareProtected(MGMT_SCREEN_PERM, 'manage_browseridmgr')
     manage_browseridmgr = Globals.DTMLFile('dtml/manageIdManager', globals())
@@ -301,65 +269,93 @@
     security.declareProtected(CHANGE_IDMGR_PERM,
                               'manage_changeBrowserIdManager')
     def manage_changeBrowserIdManager(
-        self, title='', tokenkey='_ZopeId', cookiepri=1, formpri=2,
+        self, title='', idname='_ZopeId', location='cookiesthenform',
         cookiepath='/', cookiedomain='', cookielifedays=0, cookiesecure=0,
-        on=0, REQUEST=None
+        REQUEST=None
         ):
         """ """
-        d = {}
-        for k,v in {'cookies':cookiepri, 'form':formpri}.items():
-            if v: d[v] = k # I hate HTML
         self.title = title
-        self.setTokenKey(tokenkey)
-        self.setTokenKeyNamespaces(d)
+        self.setBrowserIdName(idname)
         self.setCookiePath(cookiepath)
         self.setCookieDomain(cookiedomain)
         self.setCookieLifeDays(cookielifedays)
         self.setCookieSecure(cookiesecure)
-        if on:
-            self.turnOn()
-        else:
-            self.turnOff()
+        self.setBrowserIdLocation(location)
         if REQUEST is not None:
-            return self.manage_browseridmgr(self, REQUEST)
-
-    security.declareProtected(CHANGE_IDMGR_PERM, 'setTokenKey')
-    def setTokenKey(self, k):
-        """ sets browser token key string """
-        if not (type(k) is type('') and k and not badtokenkeycharsin(k)):
-            raise BrowserIdManagerErr, 'Bad id key string %s' % repr(k)
-        self.token_key = k
+            return self.manage_browseridmgr(
+                self, REQUEST, manage_tabs_message = 'Changes saved.'
+                )
 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'getTokenKey')
-    def getTokenKey(self):
+    security.declareProtected(CHANGE_IDMGR_PERM, 'setBrowserIdName')
+    def setBrowserIdName(self, k):
+        """ sets browser id name string """
+        if not (type(k) is type('') and k and not badidnamecharsin(k)):
+            raise BrowserIdManagerErr, 'Bad id name string %s' % repr(k)
+        self.browserid_name = k
+
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdName')
+    def getBrowserIdName(self):
         """ """
-        return self.token_key
+        return self.browserid_name
 
-    security.declareProtected(CHANGE_IDMGR_PERM, 'setTokenKeyNamespaces')
-    def setTokenKeyNamespaces(self,namespacesd={1:'cookies',2:'form'}):
+    security.declareProtected(CHANGE_IDMGR_PERM, 'setBrowserIdNamespaces')
+    def setBrowserIdNamespaces(self,namespacesd={1:'cookies',2:'form'}):
         """
-        accepts dictionary e.g. {1: 'cookies', 2: 'form'} as token
-        id key allowable namespaces and lookup ordering priority
+        accepts dictionary e.g. {1: 'cookies', 2: 'form'} as browser
+        id allowable namespaces and lookup ordering priority
         where key is 'priority' with 1 being highest.
         """
-        allowed = self.getAllTokenKeyNamespaces()
+        allowed = self.getAllBrowserIdNamespaces()
         for name in namespacesd.values():
             if name not in allowed:
                 raise BrowserIdManagerErr, (
-                    'Bad id key namespace %s' % repr(name)
+                    'Bad browser id namespace %s' % repr(name)
                     )
-        self.token_key_namespaces = []
+        self.browserid_namespaces = []
         nskeys = namespacesd.keys()
         nskeys.sort()
         for priority in nskeys:
-            self.token_key_namespaces.append(namespacesd[priority])
+            self.browserid_namespaces.append(namespacesd[priority])
 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'getTokenKeyNamespaces')
-    def getTokenKeyNamespaces(self):
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdLocation')
+    def getBrowserIdLocation(self):
+        d = {}
+        i = 1
+        for name in self.browserid_namespaces:
+            d[name] = i
+            i = i + 1
+        if d.get('cookies') == 1:
+            if d.get('form'):
+                return 'cookiesthenform'
+            else:
+                return 'cookiesonly'
+        elif d.get('form') == 1:
+            if d.get('cookies'):
+                return 'formthencookies'
+            else:
+                return 'formonly'
+        else:
+            return 'cookiesthenform'
+
+    security.declareProtected(CHANGE_IDMGR_PERM, 'setBrowserIdLocation')
+    def setBrowserIdLocation(self, location):
+        """ accepts a string and turns it into a namespaces dict """
+        if location == 'formthencookies':
+            d = {1:'form', '2':'cookies'}
+        elif location == 'cookiesonly':
+            d = {1:'cookies'}
+        elif location == 'formonly':
+            d = {1:'form'}
+        else:
+            d = {1:'cookies',2:'form'}
+        self.setBrowserIdNamespaces(d)
+
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdNamespaces')
+    def getBrowserIdNamespaces(self):
         """ """
         d = {}
         i = 1
-        for name in self.token_key_namespaces:
+        for name in self.browserid_namespaces:
             d[i] = name
             i = i + 1
         return d
@@ -428,33 +424,18 @@
         """ """
         return self.cookie_secure
 
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'getAllTokenKeyNamespaces')
-    def getAllTokenKeyNamespaces(self):
+    security.declareProtected(ACCESS_CONTENTS_PERM,'getAllBrowserIdNamespaces')
+    def getAllBrowserIdNamespaces(self):
         """
         These are the REQUEST namespaces searched when looking for an
-        id key value.
+        browser id.
         """
         return ('form', 'cookies')
 
-    security.declareProtected(CHANGE_IDMGR_PERM, 'turnOn')
-    def turnOn(self):
-        """ """
-        self.on = 1
-
-    security.declareProtected(CHANGE_IDMGR_PERM, 'turnOff')
-    def turnOff(self):
-        """ """
-        self.on = 0
-
-    security.declareProtected(ACCESS_CONTENTS_PERM, 'isOn')
-    def isOn(self):
-        """ """
-        return self.on
-
     # non-interface methods follow
 
-    def _getNewToken(self, randint=random.randint, maxint=99999999):
-        """ Returns 19-character string browser token
+    def _getNewBrowserId(self, randint=random.randint, maxint=99999999):
+        """ Returns 19-character string browser id
         'AAAAAAAABBBBBBBB'
         where:
 
@@ -465,21 +446,13 @@
           '=' end-padding is stripped off
           '+' is translated to '-'
           '/' is translated to '.'
+
+        An example is: 89972317A0C3EHnUi90w
         """
         return '%08i%s' % (randint(0, maxint-1), self._getB64TStamp())
-    
-    def _delegateToParent(self, *arg, **kw):
-        fn = arg[0]
-        rest = arg[1:]
-        try:
-            parent_sessidmgr=getattr(self.aq_parent, self.id)
-            parent_fn = getattr(parent_sessidmgr, fn)
-        except AttributeError:
-            raise BrowserIdManagerErr, 'Browser id management disabled'
-        return apply(parent_fn, rest, kw)
 
     def _setCookie(
-        self, token, REQUEST, remove=0, now=time.time, strftime=time.strftime,
+        self, bid, REQUEST, remove=0, now=time.time, strftime=time.strftime,
         gmtime=time.gmtime
         ):
         """ """
@@ -501,11 +474,11 @@
                 return # should we raise an exception?
          
         cookies = REQUEST.RESPONSE.cookies
-        cookie = cookies[self.token_key]= {}
+        cookie = cookies[self.browserid_name]= {}
         for k,v in d.items():
             if v:
                 cookie[k] = v #only stuff things with true values
-        cookie['value'] = token
+        cookie['value'] = bid
         
     def _getB64TStamp(
         self, b2a=binascii.b2a_base64,gmtime=time.gmtime, time=time.time,
@@ -522,19 +495,19 @@
         ):
         return TimeStamp(a2b(translate(ts+'=',b64_untrans))).timeTime()
 
-    def _getTokenPieces(self, token):
-        """ returns browser token parts in a tuple consisting of rand_id,
+    def _getBrowserIdPieces(self, bid):
+        """ returns browser id parts in a tuple consisting of rand_id,
         timestamp
         """
-        return (token[:8], token[8:19])
+        return (bid[:8], bid[8:19])
 
-    def _isAWellFormedToken(self, token, binerr=binascii.Error,
-                            timestamperr=TimeStamp.error):
+    def _isAWellFormedBrowserId(self, bid, binerr=binascii.Error,
+                                timestamperr=TimeStamp.error):
         try:
-            rnd, ts = self._getTokenPieces(token)
+            rnd, ts = self._getBrowserIdPieces(bid)
             int(rnd)
             self._getB64TStampToInt(ts)
-            return token
+            return bid
         except (TypeError, ValueError, AttributeError, IndexError, binerr,
                 timestamperr):
             return None


=== Zope/lib/python/Products/Sessions/SessionDataManager.py 1.10 => 1.11 ===
 from ZPublisher.BeforeTraverse import registerBeforeTraverse, \
     unregisterBeforeTraverse
-import traceback
 
 BID_MGR_NAME = 'browser_id_manager'
 
@@ -103,8 +102,8 @@
 
 ADD_SESSION_DATAMANAGER_PERM="Add Session Data Manager"
 
-def constructSessionDataManager(self, id, title='', path=None, requestName=None,
-                                REQUEST=None):
+def constructSessionDataManager(self, id, title='', path=None,
+                                requestName=None, REQUEST=None):
     """ """
     ob = SessionDataManager(id, path, title, requestName)
     self._setObject(id, ob)
@@ -150,7 +149,7 @@
     security.declareProtected(ACCESS_SESSIONDATA_PERM, 'getSessionData')
     def getSessionData(self, create=1):
         """ """
-        key = self.getBrowserIdManager().getToken(create=create)
+        key = self.getBrowserIdManager().getBrowserId(create=create)
         if key is not None:
             return self._getSessionDataObject(key)
 
@@ -179,23 +178,23 @@
         self.id = id
         self.setContainerPath(path)
         self.setTitle(title)
-
-        if requestName:
-            self._requestSessionName=requestName
-        else:
-            self._requestSessionName=None
+        self._requestSessionName = requestName
 
     security.declareProtected(CHANGE_DATAMGR_PERM, 'manage_changeSDM')
-    def manage_changeSDM(self, title, path=None, requestName=None, REQUEST=None):
+    def manage_changeSDM(self, title, path=None, requestName=None,
+                         REQUEST=None):
         """ """
         self.setContainerPath(path)
         self.setTitle(title)
         if requestName:
-            self.updateTraversalData(requestName)
+            if requestName != self._requestSessionName:
+                self.updateTraversalData(requestName)
         else:
             self.updateTraversalData(None)
         if REQUEST is not None:
-            return self.manage_sessiondatamgr(self, REQUEST)
+            return self.manage_sessiondatamgr(
+                self, REQUEST, manage_tabs_message = 'Changes saved.'
+                )
 
     security.declareProtected(CHANGE_DATAMGR_PERM, 'setTitle')
     def setTitle(self, title):
@@ -271,8 +270,8 @@
                 string.join(self.obpath,'/')
                 )
 
-    security.declareProtected(MGMT_SCREEN_PERM, 'getrequestName')
-    def getrequestName(self):
+    security.declareProtected(MGMT_SCREEN_PERM, 'getRequestName')
+    def getRequestName(self):
         """ """
         return self._requestSessionName or ''
 
@@ -285,9 +284,8 @@
         self.updateTraversalData(None)
 
     def updateTraversalData(self, requestSessionName=None):
-        # Note this cant be called directly at add -- manage_afterAdd will work
-        # though.
-
+        # Note this cant be called directly at add -- manage_afterAdd will
+        # work though.
         parent = self.aq_inner.aq_parent
 
         if getattr(self,'_hasTraversalHook', None):


=== Zope/lib/python/Products/Sessions/SessionInterfaces.py 1.4 => 1.5 ===
     A Zope Browser Id Manager is responsible for assigning ids to site
     visitors, and for servicing requests from Session Data Managers
-    related to the browser token.
+    related to the browser id.
     """
     def encodeUrl(self, url):
         """
-        Encodes a provided URL with the current request's browser token
+        Encodes a provided URL with the current request's browser id
         and returns the result.  For example, the call
         encodeUrl('http://foo.com/amethod') might return
         'http://foo.com/amethod?_ZopeId=as9dfu0adfu0ad'.
 
         Permission required: Access contents information
 
-        Raises:  BrowserIdManagerErr.  If there is no current session token.
+        Raises:  BrowserIdManagerErr.  If there is no current browser id.
         """
 
-    def getTokenKey(self):
+    def getBrowserIdName(self):
         """
         Returns a string with the name of the cookie/form variable which is
         used by the current browser id manager as the name to look up when
-        attempting to obtain the browser token value.  For example, '_ZopeId'.
+        attempting to obtain the browser id value.  For example, '_ZopeId'.
 
         Permission required: Access contents information
         """
 
-    def getToken(self, create=1):
+    def getBrowserId(self, create=1):
         """
-        If create=0, returns a the current browser token or None if there
-        is no browser token associated with the current request.  If create=1,
-        returns the current browser token or a newly-created browser token if
-        there is no browser token associated with the current request.  This
-        method is useful in conjunction with getTokenKey if you wish to embed
-        the token-key/token combination as a hidden value in a POST-based
-        form.  The browser token is opaque, has no business meaning, and its
-        length, type, and composition are subject to change.
+        If create=0, returns a the current browser id or None if there
+        is no browser id associated with the current request.  If create=1,
+        returns the current browser id or a newly-created browser id if
+        there is no browser id associated with the current request.  This
+        method is useful in conjunction with getBrowserIdName if you wish to
+        embed the browser-id-name/browser-id combination as a hidden value in
+        a POST-based form.  The browser id is opaque, has no business meaning,
+        and its length, type, and composition are subject to change.
 
         Permission required: Access contents information
 
-        Raises:  BrowserIdManagerErr.  If ill-formed browser token
+        Raises:  BrowserIdManagerErr.  If ill-formed browser id
         is found in REQUEST.
         """
 
-    def hasToken(self):
+    def hasBrowserId(self):
         """
-        Returns true if there is a browser token for this request.
+        Returns true if there is a browser id for this request.
 
         Permission required: Access contents information
         """
 
-    def isTokenNew(self):
+    def isBrowserIdNew(self):
         """
-        Returns true if browser token is 'new'.  A browser token is 'new'
+        Returns true if browser id is 'new'.  A browser id is 'new'
         when it is first created and the client has therefore not sent it
         back to the server in any request.  
 
         Permission required: Access contents information
 
-        Raises:  BrowserIdManagerErr.  If there is no current browser token.
+        Raises:  BrowserIdManagerErr.  If there is no current browser id.
         """
 
-    def isTokenFromForm(self):
+    def isBrowserIdFromForm(self):
         """
-        Returns true if browser token comes from a form variable (query
+        Returns true if browser id comes from a form variable (query
         string or post).
 
         Permission required: Access contents information
 
-        Raises:  BrowserIdManagerErr.  If there is no current browser token.
+        Raises:  BrowserIdManagerErr.  If there is no current browser id.
         """
 
-    def isTokenFromCookie(self):
+    def isBrowserIdFromCookie(self):
         """
-        Returns true if browser token comes from a cookie.
+        Returns true if browser id comes from a cookie.
 
         Permission required: Access contents information
 
-        Raises:  BrowserIdManagerErr.  If there is no current browser token.
+        Raises:  BrowserIdManagerErr.  If there is no current browser id.
         """
 
-    def flushTokenCookie(self):
+    def flushBrowserIdCookie(self):
         """
-        Deletes the token cookie from the client browser, iff the
-        'cookies' token key namespace is being used.
+        Deletes the browser id cookie from the client browser, iff the
+        'cookies' browser id namespace is being used.
         
         Permission required: Access contents information
 
         Raises:  BrowserIdManagerErr.  If the 'cookies' namespace isn't
-        a token key namespace at the time of the call.
+        a browser id namespace at the time of the call.
         """
 
 class SessionDataManagerInterface(
@@ -193,7 +193,7 @@
     A Zope Session Data Manager is responsible for maintaining Session
     Data Objects, and for servicing requests from application code
     related to Session Data Objects.  It also communicates with a Browser
-    Id Manager to provide information about browser tokens.
+    Id Manager to provide information about browser ids.
     """
     def getBrowserIdManager(self):
         """
@@ -207,9 +207,9 @@
     def getSessionData(self, create=1):
         """
         Returns a Session Data Object associated with the current
-        browser token.  If there is no current token, and create is true,
+        browser id.  If there is no current browser id, and create is true,
         returns a new Session Data Object.  If there is no current
-        token and create is false, returns None.
+        browser id and create is false, returns None.
 
         Permission required: Access session data
         """
@@ -217,7 +217,7 @@
     def hasSessionData(self):
         """
         Returns true if a Session Data Object associated with the
-        current browser token is found in the Session Data Container.  Does
+        current browser id is found in the Session Data Container.  Does
         not create a Session Data Object if one does not exist.
 
         Permission required: Access session data


=== Zope/lib/python/Products/Sessions/SessionPermissions.py 1.2 => 1.3 ===
 ACCESS_SESSIONDATA_PERM = 'Access session data'
 ARBITRARY_SESSIONDATA_PERM = 'Access arbitrary user session data'
-CHANGE_IDMGR_PERM = 'Change Session Id Manager'
+CHANGE_IDMGR_PERM = 'Change Browser Id Manager'
 MANAGE_CONTAINER_PERM = 'Manage Session Data Container'