[Zope-PAS] Re: [RFC] Extending CookieAuthHelper

Jens Vagelpohl jens at dataflake.org
Fri Nov 12 11:04:21 EST 2004


On Nov 12, 2004, at 15:40, Tres Seaver wrote:

> Jens Vagelpohl wrote:
>
>> Yes, that's a good point and I have thought about it myself. There is 
>> two items that need to be clened up, come to think of it. On the one 
>> hand you have a session, but then there's also a cookie. I'm not sure 
>> yet if I want to re-use the standard sessioning cookie or set my own. 
>> I need to look at how the timeouts in these items are handled by the 
>> standard sessioning machinery.
>
> If you plan to use sessions, you should just rely on the single 
> browser ID cookie which Zope's browser_id_manager gives you already.  
> There is no reason to expire that cookie, ever.

Right, that's what I'm proposing in the summary I sent out half an hour 
ago.

jens



More information about the Zope-PAS mailing list