Changes from stock Plone ======================== This bundle features two modifications from standard Plone:
* adds the new SessionCrumbler product from collective * Uses a modified PlonePAS PlonePAS modifications ---------------------- The PlonePAS modifications are restricted to deactivating the standard cookie authentication handler and installing the new credentials_session_auth plugin. SessionCrumbler product ----------------------- One obvious remark is that this product does not comply with the current preferred layout: no seperate module for interfaces, and no plugins subdirectory - instead everything is put in a the top directory. There is a lot of code to support non-PAS sites. Creating a new branch to remove all the legacy code, cleaning up the product structure and making a PAS-only release The PAS code itself is not complex and implements all require PAS interfaces correctly. Issues ====== The session cookie is stored in the _ZopeId cookie. This is not compatible with CacheFu, which checks only check for __ac cookies and the Authorization header. Since sessions are always a per-user thing this should be fixed in CacheFu (specifically its squid configuration). Using sessions means that ZEO clusters will not work out of the box: the session storage is not shared between ZEO clients. This needs to be explicitly documented in release notes. -- Wichert Akkerman <[EMAIL PROTECTED]> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. _______________________________________________ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team