[Zope-dev] Re: core session tracking and zope 2.5 integration

Chris McDonough chrism@zope.com
Sat, 6 Oct 2001 02:04:49 -0400


Joseph,

Sorry about not getting back sooner on this... it's been a long time.

> I haven't yet investigated the feasibility of an implementation. However,
> it would be nice to have 3 out-of-the-box choices for acl_users
> folders:
>
>   - the current acl_users folder
>
>   - a new acl_users folder with core session tracking support
>   (ram-based storage)
>
>   - a new acl_users folder with core session tracking support
>   (possibly mounted zeo client storage)
>
> The core session tracking based acl_users folders would hide all of
> the details of installing and setting up the current core session
> tracking product. By combining this with something like the cookie
> crumbler, password-less users authenticated only by session key (user
> name equal to the session key) could be automatically created and
> expired when the session expires.  The session data could also simply
> hang off of the authenticated user object and default roles (or no
> roles at all) could be assigned at the user's creation time.  The
> session based acl_users folder would behave the same as the current
> acl_users folder for users whose expiration time is NONE or less
> than zero.

Well, this sounds interesting.  I think it would be possible to create such
a thing using CST; I'd be interested in seeing an implementation based
around the current CST to "work the kinks out".  Somehow sessioning seems to
always get wrapped up in people's minds with authentication, but I see the
two things as independent of one another.  This could be a bridge between
them.

> In essence, it would be really helpful to make the core session
> tracking product as easy to use (and install) as the REQUEST object.

Agreed... we are fighting about this at the moment.

> I need to elaborate more on my thoughts but I thought it would be
> worthwhile to ask if something like this is already in the works
> before I spend too much investigating how to implement such an acl_user
> folder.

No, nothing like this in the works.  It'd be pretty neat to see something
like it, at least as "proof of concept"...

Thanks and sorry for the ridiculous delay,

- C
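
The session-keyed user folder proposed in the quoted text, as an added sketch that is not part of the original message and is not Zope or CST code: `SessionUserFolder`, its method names and the timeout value are hypothetical. It shows the two points the design depends on, namely that a user name that doubles as the credential must be unguessable, and that expiry must be checked at lookup.

```python
import secrets
import time


class SessionUserFolder:
    """Toy user store (hypothetical; not Zope's acl_users API)."""

    def __init__(self, session_timeout=1200, clock=time.time):
        self._users = {}              # name -> (roles, expires_at)
        self._timeout = session_timeout
        self._clock = clock           # injectable so expiry can be tested

    def add_user(self, name, roles, expires=None):
        # Ordinary user: an expiration of None or < 0 means "never expires",
        # so this behaves like a conventional user folder entry.
        self._users[name] = (tuple(roles), expires)

    def new_session_user(self, default_roles=()):
        # Password-less user whose name *is* the session key, so the key
        # must be unguessable: 32 bytes from the OS CSPRNG.
        key = secrets.token_urlsafe(32)
        expires = self._clock() + self._timeout
        self._users[key] = (tuple(default_roles), expires)
        return key

    def get_user(self, name):
        # Enforce expiry at lookup so a stale session key never authenticates.
        entry = self._users.get(name)
        if entry is None:
            return None
        roles, expires = entry
        if expires is not None and expires >= 0 and self._clock() >= expires:
            del self._users[name]     # expire the user with the session
            return None
        return {"name": name, "roles": roles}
```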