[Zope] Zope cookies data point

Chris McDonough chrism@zope.com
07 Sep 2002 16:14:33 -0400


Zope 2.5 does "I".  Zope 2.6 (post alpha-1) does "I" and "II".

What is the "wrong" way?  I suggest you check out the Zope trunk before
passing judgment.

- C


On Sat, 2002-09-07 at 02:58, Andreas Kostyrka wrote:
> Am Die, 2002-08-27 um 00.26 schrieb Chris McDonough:
> > FWIW, Shane mentioned that sessions use cookies, but on the 2.6 branch
> > (the trunk) it's possible to do "cookieless" sessioning via the
> > automatic embedding of browser ids in the URL.  It makes for very ugly
> > URLs, though, and you still need to either post to forms with
> > Zope-generated URLs or embed the browser id in a hidden form element.
> Well, then it's done it the "wrong" way:
> 
> There are three kinds of URLs:
> a) relative
> b) absolute (with or without hostname)
> c) Zope-generated ones (img.tag, obj.absolute_url)
> Now consider how much work they are with these session embedding
> schemas:
> I) FORM parameter.
>    a+b need work
>    c can be automated, but still changes how the url can be used when 
>    generated. (...url and ...url?session=xy are different. For the first
>    one needs ?param=X and for the second one &param=X)
> II) prefix the URL:
>    consider a mapping where the session id is inserted at the beginning
>    and the application object does the session magic:
>    /myfolder/myobject is redirected to /SessNew/myfolder/myobject
>    /SessExisting/myfolder/myobject doesn't need any massaging.
>    /SessExpired/url either resurrects the session or redirects to a new
>    session.
>    Consider the effects on our three kinds:
>    a doesn't need any work.
>    b must be manually massaged.
>    c can be automated AND it's ending is semantically the same as 
>      without session embedded.
> 
> I'd ratehr hope that Zope 2.6 learns especially the second set:
> -) It can be made to work quite transparently.
> -) It can be combined with a cookie session handling.
> -) With sensible handling of expired sessions it also handles 
>    bookmarking well enough.
> 
> Andreas
>    
>    
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )