Commit d4c75698 authored by Chris McDonough

As per suggestions by Amos, I changed the terminology used by the browser id...

As per suggestions by Amos, I changed the terminology used by the browser id manager and session data manager.  Before this change, browser ids were known as "tokens".  I've changed this to "browser id" in the docs as well as in all API methods that used the name "token".  Interfaces, permissions, and help have been updated with the changes.
parent 06dfed3b
......@@ -90,7 +90,6 @@ from SessionPermissions import *
from common import DEBUG
from ZPublisher.BeforeTraverse import registerBeforeTraverse, \
unregisterBeforeTraverse
import traceback
BID_MGR_NAME = 'browser_id_manager'
......@@ -103,8 +102,8 @@ constructSessionDataManagerForm = Globals.DTMLFile('dtml/addDataManager',
ADD_SESSION_DATAMANAGER_PERM="Add Session Data Manager"
def constructSessionDataManager(self, id, title='', path=None, requestName=None,
REQUEST=None):
def constructSessionDataManager(self, id, title='', path=None,
requestName=None, REQUEST=None):
""" """
ob = SessionDataManager(id, path, title, requestName)
self._setObject(id, ob)
......@@ -150,7 +149,7 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
security.declareProtected(ACCESS_SESSIONDATA_PERM, 'getSessionData')
def getSessionData(self, create=1):
""" """
key = self.getBrowserIdManager().getToken(create=create)
key = self.getBrowserIdManager().getBrowserId(create=create)
if key is not None:
return self._getSessionDataObject(key)
......@@ -179,23 +178,23 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
self.id = id
self.setContainerPath(path)
self.setTitle(title)
if requestName:
self._requestSessionName=requestName
else:
self._requestSessionName=None
self._requestSessionName = requestName
security.declareProtected(CHANGE_DATAMGR_PERM, 'manage_changeSDM')
def manage_changeSDM(self, title, path=None, requestName=None, REQUEST=None):
def manage_changeSDM(self, title, path=None, requestName=None,
REQUEST=None):
""" """
self.setContainerPath(path)
self.setTitle(title)
if requestName:
self.updateTraversalData(requestName)
if requestName != self._requestSessionName:
self.updateTraversalData(requestName)
else:
self.updateTraversalData(None)
if REQUEST is not None:
return self.manage_sessiondatamgr(self, REQUEST)
return self.manage_sessiondatamgr(
self, REQUEST, manage_tabs_message = 'Changes saved.'
)
security.declareProtected(CHANGE_DATAMGR_PERM, 'setTitle')
def setTitle(self, title):
......@@ -271,8 +270,8 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
string.join(self.obpath,'/')
)
security.declareProtected(MGMT_SCREEN_PERM, 'getrequestName')
def getrequestName(self):
security.declareProtected(MGMT_SCREEN_PERM, 'getRequestName')
def getRequestName(self):
""" """
return self._requestSessionName or ''
......@@ -285,9 +284,8 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
self.updateTraversalData(None)
def updateTraversalData(self, requestSessionName=None):
# Note this cant be called directly at add -- manage_afterAdd will work
# though.
# Note this cant be called directly at add -- manage_afterAdd will
# work though.
parent = self.aq_inner.aq_parent
if getattr(self,'_hasTraversalHook', None):
......
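Review bot: `getSessionData` still carries the placeholder docstring `""" """`, although it is the method that turns a request-supplied value into a session data object (`key = self.getBrowserIdManager().getBrowserId(create=create)`). The interface text in this commit says the browser id may arrive in a cookie or a form variable, so callers should be told that the key is chosen by the client and identifies a browser, not an authenticated user. I would replace the placeholder with something like `"""Return the session data object keyed by the request's browser id (client-supplied, not proof of identity)."""`. The same placeholder remains on `constructSessionDataManager`, `manage_changeSDM` and `getRequestName`; the class body continues outside these hunks, so what happens when `key` is None is not visible here.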
......@@ -96,92 +96,92 @@ class BrowserIdManagerInterface(
A Zope Browser Id Manager is responsible for assigning ids to site
visitors, and for servicing requests from Session Data Managers
related to the browser token.
related to the browser id.
"""
def encodeUrl(self, url):
"""
Encodes a provided URL with the current request's browser token
Encodes a provided URL with the current request's browser id
and returns the result. For example, the call
encodeUrl('http://foo.com/amethod') might return
'http://foo.com/amethod?_ZopeId=as9dfu0adfu0ad'.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current session token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def getTokenKey(self):
def getBrowserIdName(self):
"""
Returns a string with the name of the cookie/form variable which is
used by the current browser id manager as the name to look up when
attempting to obtain the browser token value. For example, '_ZopeId'.
attempting to obtain the browser id value. For example, '_ZopeId'.
Permission required: Access contents information
"""
def getToken(self, create=1):
def getBrowserId(self, create=1):
"""
If create=0, returns a the current browser token or None if there
is no browser token associated with the current request. If create=1,
returns the current browser token or a newly-created browser token if
there is no browser token associated with the current request. This
method is useful in conjunction with getTokenKey if you wish to embed
the token-key/token combination as a hidden value in a POST-based
form. The browser token is opaque, has no business meaning, and its
length, type, and composition are subject to change.
If create=0, returns a the current browser id or None if there
is no browser id associated with the current request. If create=1,
returns the current browser id or a newly-created browser id if
there is no browser id associated with the current request. This
method is useful in conjunction with getBrowserIdName if you wish to
embed the browser-id-name/browser-id combination as a hidden value in
a POST-based form. The browser id is opaque, has no business meaning,
and its length, type, and composition are subject to change.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If ill-formed browser token
Raises: BrowserIdManagerErr. If ill-formed browser id
is found in REQUEST.
"""
def hasToken(self):
def hasBrowserId(self):
"""
Returns true if there is a browser token for this request.
Returns true if there is a browser id for this request.
Permission required: Access contents information
"""
def isTokenNew(self):
def isBrowserIdNew(self):
"""
Returns true if browser token is 'new'. A browser token is 'new'
Returns true if browser id is 'new'. A browser id is 'new'
when it is first created and the client has therefore not sent it
back to the server in any request.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def isTokenFromForm(self):
def isBrowserIdFromForm(self):
"""
Returns true if browser token comes from a form variable (query
Returns true if browser id comes from a form variable (query
string or post).
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def isTokenFromCookie(self):
def isBrowserIdFromCookie(self):
"""
Returns true if browser token comes from a cookie.
Returns true if browser id comes from a cookie.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def flushTokenCookie(self):
def flushBrowserIdCookie(self):
"""
Deletes the token cookie from the client browser, iff the
'cookies' token key namespace is being used.
Deletes the browser id cookie from the client browser, iff the
'cookies' browser id namespace is being used.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If the 'cookies' namespace isn't
a token key namespace at the time of the call.
a browser id namespace at the time of the call.
"""
class SessionDataManagerInterface(
......@@ -193,7 +193,7 @@ class SessionDataManagerInterface(
A Zope Session Data Manager is responsible for maintaining Session
Data Objects, and for servicing requests from application code
related to Session Data Objects. It also communicates with a Browser
Id Manager to provide information about browser tokens.
Id Manager to provide information about browser ids.
"""
def getBrowserIdManager(self):
"""
......@@ -207,9 +207,9 @@ class SessionDataManagerInterface(
def getSessionData(self, create=1):
"""
Returns a Session Data Object associated with the current
browser token. If there is no current token, and create is true,
browser id. If there is no current browser id, and create is true,
returns a new Session Data Object. If there is no current
token and create is false, returns None.
browser id and create is false, returns None.
Permission required: Access session data
"""
......@@ -217,7 +217,7 @@ class SessionDataManagerInterface(
def hasSessionData(self):
"""
Returns true if a Session Data Object associated with the
current browser token is found in the Session Data Container. Does
current browser id is found in the Session Data Container. Does
not create a Session Data Object if one does not exist.
Permission required: Access session data
......
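Review bot: The `encodeUrl` docstring shows the browser id being appended to the URL (`?_ZopeId=...`) but does not say that an id carried this way is disclosed wherever the URL travels: server and proxy logs, Referer headers, bookmarks and shared links. Since the id is the lookup key for session data, I would add a sentence such as `A browser id placed in a URL is visible to anything that sees the URL; prefer cookie-based ids where possible.` Separately, the rewritten `getBrowserId` text keeps the typo `returns a the current browser id`, and `flushBrowserIdCookie` now speaks of a `'cookies' browser id namespace` while the forms in this commit call that setting a location, so the wording is worth aligning. The second copy of this interface text later in the commit has the same wording.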
......@@ -80,5 +80,5 @@ MGMT_SCREEN_PERM = 'View management screens'
ACCESS_CONTENTS_PERM = 'Access contents information'
ACCESS_SESSIONDATA_PERM = 'Access session data'
ARBITRARY_SESSIONDATA_PERM = 'Access arbitrary user session data'
CHANGE_IDMGR_PERM = 'Change Session Id Manager'
CHANGE_IDMGR_PERM = 'Change Browser Id Manager'
MANAGE_CONTAINER_PERM = 'Manage Session Data Container'
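Review bot: Role settings stored against the old permission name are not carried over. `CHANGE_IDMGR_PERM` now reads `'Change Browser Id Manager'`, and as far as I know Zope keys role-to-permission settings by this string, so a site that granted or restricted `'Change Session Id Manager'` would fall back to the defaults for the new name after upgrading. Nothing on the visible lines migrates or documents that. At minimum I would add `# Renamed from 'Change Session Id Manager'; role settings saved under the old name must be re-applied.` above the constant and repeat it in the release notes.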
......@@ -15,7 +15,7 @@ objects. Developers interact with a Session Data Manager in order to store
and retrieve information during a user session. A Session Data Manager
communicates with a Browser Id Manager to determine the session information
for the current user, and hands out Session Data Objects related to that
user obtained from a Transient Object Container.
user.
</div>
</tr>
<TR>
......@@ -58,7 +58,7 @@ user obtained from a Transient Object Container.
</td>
<td align="LEFT" valign="TOP">
<input class="form-element" type="TEXT" name="requestName"
value="SESSION">
value="SESSION">
</td>
</tr>
......
......@@ -9,13 +9,20 @@
<input type=hidden name="id" value="browser_id_manager">
<TABLE CELLSPACING="2">
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<div class="form-help">
Zope Browser Id Manager objects perform the task of setting and retrieving
Zope browser ids for remote users. They are used primarily by Session
Data Manager objects. A Browser Id Manager's 'id' must always be
'browser_id_manager' in order for it to be found by Session Data Managers.
Zope Browser Id Manager objects allow Zope to differentiate between site
visitors by "tagging" each of their browsers with a unique identifier. This
is useful if you need to tell visitors apart from one another even if they do
not "log in" to your site. Browser Id Managers are generally used
by interacting with the Zope sessioning machinery.
</div>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">
......@@ -23,7 +30,7 @@ Data Manager objects. A Browser Id Manager's 'id' must always be
</div>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">This object's Zope id will be<br>
<div class="form-label">This object's Zope id must be<br>
"browser_id_manager"
</div>
</TD>
......@@ -41,56 +48,51 @@ Data Manager objects. A Browser Id Manager's 'id' must always be
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">
Browser Token Key
Browser Id Name
</div>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="tokenkey" SIZE="20" value="_ZopeId">
<INPUT TYPE="TEXT" NAME="idname" SIZE="20" value="_ZopeId">
</TD>
</TR>
<tr>
<td>&nbsp;</td>
</tr>
<th align="left"><strong><em>Token Key Search Namespaces</strong></em></th>
<th align="left"><strong><em>Priority (1 is highest)</strong></em></th>
<tr>
<th align=left class="form-label">Cookies</th>
<td>
<table border=1>
<tr>
<td align=left>
<input type="radio" name="cookiepri:int" value="1" CHECKED> 1
</td>
<td>
<div align=left class="form-label">Look for Browser Id Name in</th>
</td>
<td>
<table border=0>
<tr>
<td align=left>
<input type="radio" name="cookiepri:int" value="2"> 2
<input type="radio" name="location" value="cookiesonly"> Cookies only
</td>
</tr>
<tr>
<td align=left>
<input type="radio" name="cookiepri:int" value="0"> Off
<input type="radio" name="location" value="cookiesthenform" CHECKED> Cookies then form
</td>
</tr>
</table>
</td>
</tr>
<tr>
<th align=left class="form-label">Form vars</th>
<td align=left>
<table border=1>
<tr>
<td align=left>
<input type="radio" name="formpri:int" value="1"> 1
</td>
<input type="radio" name="location" value="formonly"> Form only
</td>
</tr>
<tr>
<td align=left>
<input type="radio" name="formpri:int" value="2" CHECKED> 2
<input type="radio" name="location" value="formthencookies"> Form then cookies
</td>
<td align=left>
<input type="radio" name="formpri:int" value="0"> Off
</td> </tr>
</table>
</td>
</tr>
<td>&nbsp;</td>
</table>
</td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">
......
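Review bot: The new row label opens a `<div>` and closes a `<th>`: `<div align=left class="form-label">Look for Browser Id Name in</th>` should end with `</div>`. The same line appears in the change form later in this commit, inside the `<dtml-let loc=getBrowserIdLocation>` block. The add form also pre-selects `cookiesthenform`, so browser ids arriving in form or query-string variables are accepted by default. That appears to match the old priorities (cookies 1, form 2), but the form-help text could say that `cookiesonly` is the stricter choice when URL-borne ids are not needed.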
......@@ -8,6 +8,20 @@
<form action="manage_changeSDM" method="post">
<table cellspacing="2">
<tr><td>&nbsp;</td></tr>
<tr>
<td class="form-help" colspan=2>
A Session Data Manager object is responsible for maintaining a
relationship between session data objects and Zope browser ids.
It is part of the Zope sessioning machinery. Programmers may
interact with a session data manager in order to obtain
information about session data, but will more often use the
REQUEST.SESSION object to do sessioning-related tasks.
</td>
</tr>
<tr><td>&nbsp;</td></tr>
<tr>
<td align="left" valign="top">
<div class="form-label">
......@@ -40,7 +54,7 @@
</td>
<td align="LEFT" valign="TOP">
<input class="form-element" type="TEXT" name="requestName"
value="&dtml-getrequestName;">
value="&dtml-getRequestName;">
</td>
</tr>
<tr>
......
......@@ -7,20 +7,21 @@
<FORM ACTION="manage_changeBrowserIdManager" METHOD="POST">
<TABLE CELLSPACING="2">
<TR>
<dtml-comment>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">
Browser Id Mgr On
</div>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="checkbox" NAME="on"
<dtml-if isOn>CHECKED</dtml-if>>
</TD>
</dtml-comment>
<input type="hidden" name="on" value="1">
</TR>
<tr>
<td>&nbsp;<td>
</tr>
<tr class="form-help">
<td colspan=2>
Zope Browser Id Manager objects allow Zope to differentiate between site
visitors by "tagging" each of their browsers with a unique identifier. This
is useful if you need to tell visitors apart from one another even if they do
not "log in" to your site. Browser Id Managers are generally used
by interacting with the Zope sessioning machinery.
</td>
</tr>
<tr>
<td>&nbsp;<td>
</tr>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">
......@@ -34,57 +35,50 @@
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">
Browser Token Key
Browser Id Name
</div>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="tokenkey" SIZE="20" value="&dtml-getTokenKey;">
<INPUT TYPE="TEXT" NAME="idname" SIZE="20" value="&dtml-getBrowserIdName;">
</TD>
</TR>
<th align=left><strong><em>Token Key Search Namespaces</strong></em></th>
<th align=left><strong><em>Priority</strong></em> (1 is highest)</th>
<dtml-let loc=getBrowserIdLocation>
<tr>
<td>
<div align=left class="form-label">Look for Browser Id Name in</th>
</td>
<td>
<table border=0>
<tr>
<th align=left class="form-label">Cookies</th>
<td align=left>
<table border=1>
<tr>
<td align=left>
<input type="radio" name="cookiepri:int" value="1"
<dtml-if "getTokenKeyNamespaces().get(1, _.None) == 'cookies'">CHECKED</dtml-if>>1
</td>
<td align=left>
<input type="radio" name="cookiepri:int" value="2"
<dtml-if "getTokenKeyNamespaces().get(2, _.None) == 'cookies'">CHECKED</dtml-if>>2
</td>
<td align=left>
<input type="radio" name="cookiepri:int" value="0"
<dtml-if "'cookies' not in getTokenKeyNamespaces().values()">CHECKED</dtml-if>>Off
</td>
</tr>
</table>
<input type="radio" name="location" value="cookiesonly"
<dtml-if "loc=='cookiesonly'">CHECKED</dtml-if>> Cookies only
</td>
</tr>
<tr>
<th align=left class="form-label">Form vars</th>
<td align=left>
<table border=1>
<tr>
<td align=left>
<input type="radio" name="formpri:int" value="1"
<dtml-if "getTokenKeyNamespaces().get(1, _.None) == 'form'">CHECKED</dtml-if>>1
<input type="radio" name="location" value="cookiesthenform"
<dtml-if "loc=='cookiesthenform'">CHECKED</dtml-if>> Cookies then form
</td>
</tr>
<tr>
<td align=left>
<input type="radio" name="formpri:int" value="2"
<dtml-if "getTokenKeyNamespaces().get(2, _.None) == 'form'">CHECKED</dtml-if>>2
</td>
<input type="radio" name="location" value="formonly"
<dtml-if "loc=='formonly'">CHECKED</dtml-if>> Form only
</td>
</tr>
<tr>
<td align=left>
<input type="radio" name="formpri:int" value="0"
<dtml-if "'form' not in getTokenKeyNamespaces().values()">CHECKED</dtml-if>>Off
</td>
</tr>
</table>
<input type="radio" name="location" value="formthencookies"
<dtml-if "loc=='formthencookies'">CHECKED</dtml-if>> Form then cookies
</td>
</tr>
</table>
</td>
</tr>
</dtml-let>
<TR>
<TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">
......@@ -107,7 +101,7 @@
<div class="form-help">
leave blank to send cookies without domain <br>
info -- however, if cookie domain is not blank,<br>
it must contain at least two dots)
it must contain at least two dots
</div>
</TD>
<TD ALIGN="LEFT" VALIGN="TOP">
......
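Review bot: The two spacer rows that appear to be added around the new help text open a second cell instead of closing the first: `<td>&nbsp;<td>` should be `<td>&nbsp;</td>`, as the add form in this commit already has it. In the radio group, each option is checked by comparing `loc` with a literal (`<dtml-if "loc=='cookiesonly'">` and so on). If `getBrowserIdLocation` ever returns a value outside those four strings, no radio is selected and the form would post no `location`. What that method returns is not visible in this section, so a short `<dtml-comment>` above the group listing the accepted values would help keep the template and the method in step.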
......@@ -96,92 +96,92 @@ class BrowserIdManagerInterface(
A Zope Browser Id Manager is responsible for assigning ids to site
visitors, and for servicing requests from Session Data Managers
related to the browser token.
related to the browser id.
"""
def encodeUrl(self, url):
"""
Encodes a provided URL with the current request's browser token
Encodes a provided URL with the current request's browser id
and returns the result. For example, the call
encodeUrl('http://foo.com/amethod') might return
'http://foo.com/amethod?_ZopeId=as9dfu0adfu0ad'.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current session token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def getTokenKey(self):
def getBrowserIdName(self):
"""
Returns a string with the name of the cookie/form variable which is
used by the current browser id manager as the name to look up when
attempting to obtain the browser token value. For example, '_ZopeId'.
attempting to obtain the browser id value. For example, '_ZopeId'.
Permission required: Access contents information
"""
def getToken(self, create=1):
def getBrowserId(self, create=1):
"""
If create=0, returns a the current browser token or None if there
is no browser token associated with the current request. If create=1,
returns the current browser token or a newly-created browser token if
there is no browser token associated with the current request. This
method is useful in conjunction with getTokenKey if you wish to embed
the token-key/token combination as a hidden value in a POST-based
form. The browser token is opaque, has no business meaning, and its
length, type, and composition are subject to change.
If create=0, returns a the current browser id or None if there
is no browser id associated with the current request. If create=1,
returns the current browser id or a newly-created browser id if
there is no browser id associated with the current request. This
method is useful in conjunction with getBrowserIdName if you wish to
embed the browser-id-name/browser-id combination as a hidden value in
a POST-based form. The browser id is opaque, has no business meaning,
and its length, type, and composition are subject to change.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If ill-formed browser token
Raises: BrowserIdManagerErr. If ill-formed browser id
is found in REQUEST.
"""
def hasToken(self):
def hasBrowserId(self):
"""
Returns true if there is a browser token for this request.
Returns true if there is a browser id for this request.
Permission required: Access contents information
"""
def isTokenNew(self):
def isBrowserIdNew(self):
"""
Returns true if browser token is 'new'. A browser token is 'new'
Returns true if browser id is 'new'. A browser id is 'new'
when it is first created and the client has therefore not sent it
back to the server in any request.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def isTokenFromForm(self):
def isBrowserIdFromForm(self):
"""
Returns true if browser token comes from a form variable (query
Returns true if browser id comes from a form variable (query
string or post).
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def isTokenFromCookie(self):
def isBrowserIdFromCookie(self):
"""
Returns true if browser token comes from a cookie.
Returns true if browser id comes from a cookie.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token.
Raises: BrowserIdManagerErr. If there is no current browser id.
"""
def flushTokenCookie(self):
def flushBrowserIdCookie(self):
"""
Deletes the token cookie from the client browser, iff the
'cookies' token key namespace is being used.
Deletes the browser id cookie from the client browser, iff the
'cookies' browser id namespace is being used.
Permission required: Access contents information
Raises: BrowserIdManagerErr. If the 'cookies' namespace isn't
a token key namespace at the time of the call.
a browser id namespace at the time of the call.
"""
class SessionDataManagerInterface(
......@@ -193,7 +193,7 @@ class SessionDataManagerInterface(
A Zope Session Data Manager is responsible for maintaining Session
Data Objects, and for servicing requests from application code
related to Session Data Objects. It also communicates with a Browser
Id Manager to provide information about browser tokens.
Id Manager to provide information about browser ids.
"""
def getBrowserIdManager(self):
"""
......@@ -207,9 +207,9 @@ class SessionDataManagerInterface(
def getSessionData(self, create=1):
"""
Returns a Session Data Object associated with the current
browser token. If there is no current token, and create is true,
browser id. If there is no current browser id, and create is true,
returns a new Session Data Object. If there is no current
token and create is false, returns None.
browser id and create is false, returns None.
Permission required: Access session data
"""
......@@ -217,7 +217,7 @@ class SessionDataManagerInterface(
def hasSessionData(self):
"""
Returns true if a Session Data Object associated with the
current browser token is found in the Session Data Container. Does
current browser id is found in the Session Data Container. Does
not create a Session Data Object if one does not exist.
Permission required: Access session data
......
Browser Id Manager - Add
Though you'll likely interact mostly with "session data manager"
objects while you develop session-aware code, before you can
instantiate a session data manager object, you must instantiate a
"browser id manager." A browser id manager is an object which
doles out and otherwise manages session tokens. All session
data managers need to talk to a browser id manager to get token
information.
You can add an initial browser id manager anywhere in your Zope
tree, but chances are you'll want to create it in your root
folder if you don't anticipate the need for multiple browser id
managers. In other words, just put one browser id manager in
the root Folder unless you have special needs. In the container
of your choosing, select "Browser Id Manager" from the add
dropdown list in the Zope management interface.
A browser id manager is an object which identifies visitors
to your site, even if they don't log in. Browser id managers
are part of the Zope sessioning machinery.
Form options available are:
id -- you cannot choose an 'id' for your browser id manager.
Id -- you cannot choose an 'id' for your browser id manager.
It must always be "browser_id_manager". Additionally, you cannot
rename a browser id manager. This is required in the current
implementation so that session data managers can find browser
id managers via Zope acquisition. This may be changed in a
later release.
title -- the browser id manager title.
Title -- the browser id manager title.
session token key -- the cookie name and/or form variable name
Look for browser id name in -- the cookie name and/or form variable name
used for this browser id manager instance. This will be the
name looked up in the 'cookies' or 'form' REQUEST namespaces
when the browser id manager attempts to find a cookie or form
variable with a session token in it.
token key search namespaces -- choose a "priority" for each
token key namespace. A priority of "1" is highest. For
instance, setting 'cookies' to '1' and 'form vars' to '2'
means that the browser id manager checks for cookies with a
session token first, then form variables second. Choosing
"off" for either 'cookies' or 'form vars' entirely excludes
that namespace from being searched for a session token. The
namepace identifiers ('cookies' and 'form') refer to the
REQUEST namespaces searched for the token key
(ie. REQUEST.cookies, REQUEST.form).
cookie path -- this is the 'path' element which should be sent
variable with a browser id in it.
Browser id location -- select from one of the available
lookup ordering schemes involving cookies and forms
Cookie path -- this is the 'path' element which should be sent
in the session token cookie. For more information, see the
Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html.
cookie domain -- this is the "domain" element which should be
sent in the session token cookie. For more information, see
Cookie domain -- this is the "domain" element which should be
sent in the browser id cookie. For more information, see
the Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html.
Leaving this form element blank results in no domain element
......@@ -58,12 +38,12 @@ Browser Id Manager - Add
value you enter must have at least two dots (as per the cookie
spec).
cookie lifetime in days -- browser id cookies sent to browsers
Cookie lifetime in days -- browser id cookies sent to browsers
will last this many days on a remote system before expiring if
this value is set. If this value is 0, cookies will persist
on client browsers for only as long as the browser is open.
only send cookie over https -- if this flag is set, only send
Only send cookie over https -- if this flag is set, only send
cookies to remote browsers if they're communicating with us
over https. The browser id cookie sent under this
circumstance will also have the 'secure' flag set in it, which
......@@ -81,24 +61,18 @@ Browser Id Manager - Add
Instantiating Multiple Browser Id Managers (Optional)
If you've got special needs, you may want to instantiate more
than one browser id manager. Having multiple browser id
managers may be useful in cases where you have a "secure"
section of a site and an "insecure" section of a site, each
using a different browser id manager with respectively
restrictive security settings. Some special considerations are
required for this setup.
Once you've instantiated one browser id manager, you will not be
able to instantiate another browser id manager in a place where
the new browser id manager can acquire the original browser id
manager via its containment path (for programmers: the session
id manager's class' Zope __replaceable__ property is set to
UNIQUE). This means, practically, that if you wish to have
multiple browser id managers, you need to carefully think about
where they should go, and then you need to place them in the
most deeply-nested containers first, working your way out
towards the root.
If you've got special needs, you may want to instantiate more than
one browser id manager. In its default configuration, Zope will not
allow you to create a browser id manager if one is installed in the
root or in a place where the new browser id manager can acquire the
original browser id manager via its containment path (for
programmers: the session id manager's class' Zope __replaceable__
property is set to UNIQUE). This means, practically, that if you
wish to have multiple browser id managers, you need to carefully
delete the root browser id manager, then you need to place
additional browser id managers in the most deeply-nested containers
first, working your way out towards the root, finally replacing
the root browser id manager if desired.
See Also
......
......@@ -2,32 +2,24 @@ Browser Id Manager - Change
Form options available are:
title -- the browser id manager title.
Title -- the browser id manager title.
session token key -- the cookie name and/or form variable name
Browser id name -- the cookie name and/or form variable name
used for this browser id manager instance. This will be the
name looked up in the 'cookies' or 'form' REQUEST namespaces
when the browser id manager attempts to find a cookie or form
variable with a session token in it.
token key search namespaces -- choose a "priority" for each
token key namespace. A priority of "1" is highest. For
instance, setting 'cookies' to '1' and 'form vars' to '2'
means that the browser id manager checks for cookies with a
session token first, then form variables second. Choosing
"off" for either 'cookies' or 'form vars' entirely excludes
that namespace from being searched for a session token. The
namepace identifiers ('cookies' and 'form') refer to the
REQUEST namespaces searched for the token key
(ie. REQUEST.cookies, REQUEST.form).
cookie path -- this is the 'path' element which should be sent
variable with a browser id in it.
Look for browser id name in -- select from one of the available
lookup ordering schemes involving cookies and forms
Cookie path -- this is the 'path' element which should be sent
in the session token cookie. For more information, see the
Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html.
cookie domain -- this is the "domain" element which should be
sent in the session token cookie. For more information, see
Cookie domain -- this is the "domain" element which should be
sent in the browser id cookie. For more information, see
the Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html.
Leaving this form element blank results in no domain element
......@@ -35,12 +27,12 @@ Browser Id Manager - Change
value you enter must have at least two dots (as per the cookie
spec).
cookie lifetime in days -- browser id cookies sent to browsers
Cookie lifetime in days -- browser id cookies sent to browsers
will last this many days on a remote system before expiring if
this value is set. If this value is 0, cookies will persist
on client browsers for only as long as the browser is open.
only send cookie over https -- if this flag is set, only send
Only send cookie over https -- if this flag is set, only send
cookies to remote browsers if they're communicating with us
over https. The browser id cookie sent under this
circumstance will also have the 'secure' flag set in it, which
......
Session Data Manager - Add
After instantiating at least one browser id manager, it's
possible to instantiate a session data manager. You'll need to
do this in order to use session tracking.
A Zope Session Data Manager is responsible for maintaining a
relationship between session data objects and Zope browser ids.
It is part of the Zope sessioning machinery. Programmers will
sometimes interact with a session data manager in order to obtain
information about session data.
You can place a session data manager in any Zope container,as
long as a browser id manager object can be acquired from that
container. The session data manager will use the first acquired
browser id manager which is active (ie. it will use any acquired
browser id manager that has not been been "turned off" via its
Zope management interface).
object named "browser_id_manager" as a browser id manager.
Choose "Session Data Manager" within the container you wish to
house the session data manager from the "Add" dropdown box in
......@@ -27,7 +27,7 @@ Session Data Manager - Add
/temp_folder/transient_container in a default Zope installation.
place SESSION in REQUEST as --
If set, the REQUEST variable will be updated with the session
If set, the REQUEST variable will be populated with the session
object, stored as the given name (default is 'SESSION')
After reviewing and changing these options, click the "Add"
......
......@@ -10,7 +10,7 @@ Session Data Manager - Change
/temp_folder/transient_container in a default Zope installation.
place SESSION in REQUEST as --
If set, the REQUEST variable will be updated with the session
If set, the REQUEST variable will be populated with the session
object, stored as the given name (default is 'SESSION')
After reviewing and changing these options, click the "Change"
......
Session API Programming
Overview
Developers generally *not* interact directly with a Session Data
Manager instance in order to make use of sessioning in Zope.
Sessions allow you to maintain state associated with anonymous
users between requests. A session is a temporary "scratch" area
in which you can store information related to a site visitor.
A "session" ends when a visitor who begins a session neglects to
revisit your site in some number of minutes.
Usage
All of the methods implemented by Session Data Managers, and
Browser Id Managers are fully documented in the
Session API in the "See Also" section below.
Developers will usually interact with the SESSION object stored
in REQUEST in order to perform session-related tasks.
More infrequently, developers will interact directly with
Browser Id Manager and Session Data Manager objects.
Common Programming
Generally, instead of directly interacting with the session data
manager, you use it's built in traversal feature to put a SESSION
object in the REQUEST. This is simple, and fairly intuitive.
In order to manipulate session data, you interact with the
REQUEST.SESSION object.
For example, in DTML you might::
<dtml-with SESSION mapping>
......@@ -26,12 +32,12 @@ Session API Programming
<dtml-var SESSION>
This would print the cart object in the session, or the entire SESSION
object. You could set an
object in the session similarly to how you set it in the REQUEST::
object. You could set an object in the session similarly to how you
set it in the REQUEST::
<dtml-call expr="SESSION.set('cart','this is really more of a wagon')">
You adjust the name of the SESSION object in the management screens
You may change the name of the SESSION object in the management screens
for the session data object. You can do more complex operations on
SESSION data with python scripts, e.g.::
......@@ -42,18 +48,11 @@ Session API Programming
session['cart'] = cart # force a save back to the session
In general, it is better to put manipulation of data in the session in
a python script than it is to do it via DTML or a page template; while
the latter is possible, it would be far better to simply place a session
management call at the top of any page which requires manipulation of
session data.
Tips
Keep in mind that SESSION objects (Which are really Transient Objects)
are basically dictionaries; if you wish to iterate through them in the
context of a DTML-IN expression, you should use something like::
Keep in mind that SESSION objects are a lot like dictionaries; if
you wish to iterate through them in the context of a dtml-in expression,
you should use something like::
<dtml-in expr="SESSION.items()">
<dtml-var sequence-key>: <dtml-var sequence-item>
......
......@@ -85,9 +85,9 @@
"""
Test suite for session id manager.
$Id: testBrowserIdManager.py,v 1.2 2001/11/14 13:50:10 matt Exp $
$Id: testBrowserIdManager.py,v 1.3 2001/11/17 16:07:41 chrism Exp $
"""
__version__ = "$Revision: 1.2 $"[11:-2]
__version__ = "$Revision: 1.3 $"[11:-2]
import sys
if __name__ == "__main__":
......@@ -113,19 +113,19 @@ class TestBrowserIdManager(TestCase):
def tearDown(self):
del self.m
def testSetTokenKey(self):
self.m.setTokenKey('foo')
assert self.m.getTokenKey()== 'foo'
def testSetBrowserIdName(self):
self.m.setBrowserIdName('foo')
assert self.m.getBrowserIdName()== 'foo'
def testSetBadKeyString(self):
def testSetBadBrowserIdName(self):
try:
self.m.setTokenKey('')
self.m.setBrowserIdName('')
except BrowserIdManagerErr:
pass
else:
assert 1 == 2
try:
self.m.setTokenKey(1)
self.m.setBrowserIdName(1)
except BrowserIdManagerErr:
pass
else:
......@@ -134,7 +134,7 @@ class TestBrowserIdManager(TestCase):
def testSetBadNamespaces(self):
d = {1:'gummy', 2:'froopy'}
try:
self.m.setTokenKeyNamespaces(d)
self.m.setBrowserIdNamespaces(d)
except BrowserIdManagerErr:
pass
else:
......@@ -142,8 +142,22 @@ class TestBrowserIdManager(TestCase):
def testSetGoodNamespaces(self):
d = {1:'cookies', 2:'form'}
self.m.setTokenKeyNamespaces(d)
assert self.m.getTokenKeyNamespaces() == d
self.m.setBrowserIdNamespaces(d)
assert self.m.getBrowserIdNamespaces() == d
def testSetNamespacesByLocation(self):
self.m.setBrowserIdLocation('cookiesonly')
assert self.m.getBrowserIdNamespaces() == {1:'cookies'}
assert self.m.getBrowserIdLocation() == 'cookiesonly'
self.m.setBrowserIdLocation('cookiesthenform')
assert self.m.getBrowserIdNamespaces() == {1:'cookies', 2:'form'}
assert self.m.getBrowserIdLocation() == 'cookiesthenform'
self.m.setBrowserIdLocation('formonly')
assert self.m.getBrowserIdNamespaces() == {1:'form'}
assert self.m.getBrowserIdLocation() == 'formonly'
self.m.setBrowserIdLocation('formthencookies')
assert self.m.getBrowserIdNamespaces() == {1:'form', 2:'cookies'}
assert self.m.getBrowserIdLocation() == 'formthencookies'
def testSetBadCookiePath(self):
path = '/;'
......@@ -224,131 +238,99 @@ class TestBrowserIdManager(TestCase):
self.m.setCookieSecure(1)
assert self.m.getCookieSecure() == 1
def testDelegateToParent(self):
self.m.turnOff()
try:
a = self.m.hasToken()
except BrowserIdManagerErr:
pass
else:
assert 1==2
def testGetTokenCookie(self):
token = self.m.getToken()
self.m.REQUEST.browser_token_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies'
tokenkey = self.m.getTokenKey()
def testGetBrowserIdCookie(self):
token = self.m.getBrowserId()
self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.cookies[tokenkey] = token
a = self.m.getToken()
a = self.m.getBrowserId()
assert a == token, repr(a)
assert self.m.isTokenFromCookie()
assert self.m.isBrowserIdFromCookie()
def testSetSessionTokenDontCreate(self):
a = self.m.getToken(0)
def testSetBrowserIdDontCreate(self):
a = self.m.getBrowserId(0)
assert a == None
def testSetSessionTokenCreate(self):
a = self.m.getToken(1)
tokenkey = self.m.getTokenKey()
def testSetBrowserIdCreate(self):
a = self.m.getBrowserId(1)
tokenkey = self.m.getBrowserIdName()
b = self.m.REQUEST.RESPONSE.cookies[tokenkey]
assert a == b['value'], (a, b)
def testHasToken(self):
assert not self.m.hasToken()
a = self.m.getToken()
assert self.m.hasToken()
assert not self.m.hasBrowserId()
a = self.m.getBrowserId()
assert self.m.hasBrowserId()
def testTokenIsNew(self):
a = self.m.getToken()
assert self.m.isTokenNew()
a = self.m.getBrowserId()
assert self.m.isBrowserIdNew()
def testIsTokenFromCookieFirst(self):
token = self.m.getToken()
self.m.REQUEST.browser_token_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies'
tokenkey = self.m.getTokenKey()
def testIsBrowserIdFromCookieFirst(self):
token = self.m.getBrowserId()
self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.cookies[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'cookies', 2:'form'})
a = self.m.getToken()
assert self.m.isTokenFromCookie()
self.m.setBrowserIdNamespaces({1:'cookies', 2:'form'})
a = self.m.getBrowserId()
assert self.m.isBrowserIdFromCookie()
def testIsTokenFromFormFirst(self):
token = self.m.getToken()
self.m.REQUEST.browser_token_ = token
self.m.REQUEST.browser_token_ns_ = 'form'
tokenkey = self.m.getTokenKey()
def testIsBrowserIdFromFormFirst(self):
token = self.m.getBrowserId()
self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_id_ns_ = 'form'
tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.form[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'form', 2:'cookies'})
a = self.m.getToken()
assert self.m.isTokenFromForm()
self.m.setBrowserIdNamespaces({1:'form', 2:'cookies'})
a = self.m.getBrowserId()
assert self.m.isBrowserIdFromForm()
def testIsTokenFromCookieOnly(self):
token = self.m.getToken()
self.m.REQUEST.browser_token_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies'
tokenkey = self.m.getTokenKey()
self.m.REQUEST.cookies[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'cookies'})
a = self.m.getToken()
assert self.m.isTokenFromCookie()
assert not self.m.isTokenFromForm()
token = self.m.getBrowserId()
self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.form[tokenkey] = token
self.m.setBrowserIdNamespaces({1:'cookies'})
a = self.m.getBrowserId()
assert self.m.isBrowserIdFromCookie()
assert not self.m.isBrowserIdFromForm()
def testIsTokenFromFormOnly(self):
token = self.m.getToken()
self.m.REQUEST.browser_token_ = token
self.m.REQUEST.browser_token_ns_ = 'form'
tokenkey = self.m.getTokenKey()
token = self.m.getBrowserId()
self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_id_ns_ = 'form'
tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.form[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'form'})
a = self.m.getToken()
assert self.m.isTokenFromForm()
assert not self.m.isTokenFromCookie()
self.m.setBrowserIdNamespaces({1:'form'})
a = self.m.getBrowserId()
assert not self.m.isBrowserIdFromCookie()
assert self.m.isBrowserIdFromForm()
def testFlushTokenCookie(self):
token = self.m.getToken()
self.m.REQUEST.browser_token_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies'
tokenkey = self.m.getTokenKey()
token = self.m.getBrowserId()
self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.cookies[tokenkey] = token
a = self.m.getToken()
a = self.m.getBrowserId()
assert a == token, repr(a)
assert self.m.isTokenFromCookie()
self.m.flushTokenCookie()
assert self.m.isBrowserIdFromCookie()
self.m.flushBrowserIdCookie()
c = self.m.REQUEST.RESPONSE.cookies[tokenkey]
assert c['value'] == 'deleted', c
def testDelegateToParentFail(self):
self.m.turnOff()
try:
self.m.getToken()
except BrowserIdManagerErr:
pass
else:
assert 1==2
def testDelegateToParentSucceed(self):
self.m.turnOff()
class foo:
pass
class bar:
def getToken(unself, create=1):
return 'worked'
fooi = foo()
bari = bar()
setattr(fooi, self.m.id, bari)
self.m.aq_parent = fooi
assert self.m.getToken() == 'worked'
def testEncodeUrl(self):
keystring = self.m.getTokenKey()
key = self.m.getToken()
keystring = self.m.getBrowserIdName()
key = self.m.getBrowserId()
u = '/home/chrism/foo'
r = self.m.encodeUrl(u)
assert r == '%s?%s=%s' % (u, keystring, key)
u = 'http://www.zope.org/Members/mcdonc?foo=bar&spam=eggs'
r = self.m.encodeUrl(u)
assert r == '%s&%s=%s' % (u, keystring, key)
def test_suite():
testsuite = makeSuite(TestBrowserIdManager, 'test')
......
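Review bot: In `testIsTokenFromCookieOnly` the new side appears to store the id with `self.m.REQUEST.form[tokenkey] = token` where the old side used `REQUEST.cookies[tokenkey]`, while still pre-seeding `REQUEST.browser_id_ns_ = 'cookies'`. The cookies-only assertions may therefore be satisfied by the seeded request attributes rather than by a lookup restricted to the cookie namespace; the manager's lookup code is not on this page, so this is inferred. If the form placement is a copy-paste slip, restore `self.m.REQUEST.cookies[tokenkey] = token`. If it is deliberate, add a comment such as `# id is only in the form; cookies-only mode must not pick it up` and drop the seeding, so the test pins that a form-supplied browser id is not adopted when the namespaces are `{1:'cookies'}`. Separately, `testHasToken`, `testTokenIsNew`, `testIsTokenFromCookieOnly`, `testIsTokenFromFormOnly` and `testFlushTokenCookie` keep "Token" in their names after the rename.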
......@@ -202,15 +202,15 @@ class TestSessionManager(TestBase):
sd.invalidate()
assert hasattr(sd, '_invalid')
def testSessionTokenIsSet(self):
def testBrowserIdIsSet(self):
sd = self.app.session_data_manager.getSessionData()
mgr = getattr(self.app, idmgr_name)
assert mgr.hasToken()
assert mgr.hasBrowserId()
def testGetSessionDataByKey(self):
sd = self.app.session_data_manager.getSessionData()
mgr = getattr(self.app, idmgr_name)
token = mgr.getToken()
token = mgr.getBrowserId()
bykeysd = self.app.session_data_manager.getSessionDataByKey(token)
assert sd == bykeysd, (sd, bykeysd, token)
......@@ -324,8 +324,8 @@ class BaseReaderWriter(threading.Thread):
self.conn = db.open()
self.app = self.conn.root()['Application']
self.app = makerequest.makerequest(self.app)
token = self.app.browser_id_manager._getNewToken()
self.app.REQUEST.session_token_ = token
token = self.app.browser_id_manager._getNewBrowserId()
self.app.REQUEST.browser_id_ = token
self.iters = iters
self.sdm_name = sdm_name
self.out = []
......