Re: [Zope] Determining user from session object - who is logged in?
On Thu, 2005-10-13 at 00:26 +0200, Gaute Amundsen wrote: Well, I know that ther might easily be login less sessions, but, is it possible to log have session less logins? Yes. In fact, this is the default for Zope out of the box. Zope's default user folder uses HTTP basic authentication, which doesn't require sessions at all. Ditto for applications that use CookieCrumbler or user folder implementations that use cookies to store credentials. Zope does not create a session for every user by default, just because not all applications require sessions. It's up to the programmer to create use sessions. Usually this just means putting a mention of REQUEST.SESSION in one or more of your scripts or views. The first case would not be a problem. I expect one could easily detect the lack of userdata, and skip altering the session, and in that case would not an addScript let me solve this without resort to external methods, or product code? addScript... sure, doing it this way is likely easy for any given application. It just can't be solved generally for all applications because there's no easily-overrideable do this at login time hook built in to stock Zope (although there are definitely hooks for this in PAS and probably in exUserFolder too). - C ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Determining user from session object - who is logged in?
That cleared things up nicely. I will dig into ExuserFolder (which is our standard) a bit more before i decide. Thanks :) Gaute On Thursday 13 October 2005 10:25, Chris McDonough wrote: On Thu, 2005-10-13 at 00:26 +0200, Gaute Amundsen wrote: Well, I know that ther might easily be login less sessions, but, is it possible to log have session less logins? Yes. In fact, this is the default for Zope out of the box. Zope's default user folder uses HTTP basic authentication, which doesn't require sessions at all. Ditto for applications that use CookieCrumbler or user folder implementations that use cookies to store credentials. Zope does not create a session for every user by default, just because not all applications require sessions. It's up to the programmer to create use sessions. Usually this just means putting a mention of REQUEST.SESSION in one or more of your scripts or views. The first case would not be a problem. I expect one could easily detect the lack of userdata, and skip altering the session, and in that case would not an addScript let me solve this without resort to external methods, or product code? addScript... sure, doing it this way is likely easy for any given application. It just can't be solved generally for all applications because there's no easily-overrideable do this at login time hook built in to stock Zope (although there are definitely hooks for this in PAS and probably in exUserFolder too). - C ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Determining user from session object - who is logged in?
I thought the place to start wold be: /temp_folder/session_data/ I have built a small little thing to play with the contents of that. External method and script below. However I have not been able to figure out a way to connect these sessions with logged in users. I suppose I could make some add/remove actions to log the data somewhere, and then get it from there, but there has to be some more direct way... Any ideas anyone? Gaute. -- def CurrentSessions(self): root = self.getPhysicalRoot() session_data = root.restrictedTraverse('/temp_folder/session_data') return session_data.items() ## Script (Python) view_sessions ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## def timeSpan(secs): # seconds - hours, minutes og seconds hours = int(secs/3600) secs = secs % 3600 minutes = int(secs/60) secs = int(secs % 60) return %02d:%02d:%02d % (hours, minutes, secs) print 'View session data' # flush expired objects...? session = context.session_data_manager.getSessionData() session.set('This is','me') data = container.CurrentSessions() print str(len(data)) + ' objects' for i in data: last = i[1].getLastAccessed() made = i[1].getCreated() now = DateTime().timeTime() print i[1].items() print 'Made: '+DateTime(made).strftime('%Y-%m-%d %H:%M:%S') #print 'Last: '+DateTime(last).strftime('%Y-%m-%d %H:%M:%S') #print 'Now: '+DateTime(now).strftime('%Y-%m-%d %H:%M:%S') print 'Used: ' + timeSpan(last - made) print 'Idle: ' + timeSpan(now - last) print '' return printed -- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Determining user from session object - who is logged in?
On Wed, 2005-10-12 at 19:32 +0200, Gaute Amundsen wrote: I thought the place to start wold be: /temp_folder/session_data/ I have built a small little thing to play with the contents of that. External method and script below. However I have not been able to figure out a way to connect these sessions with logged in users. There is no built-in connection between the two. If you want to do this, you need to use a user folder implementations that keeps credentials in the session. - C ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Determining user from session object - who is logged in?
On Oct 12, 2005, at 4:50 PM, Gaute Amundsen wrote: On Wednesday 12 October 2005 20:19, Chris McDonough wrote: On Wed, 2005-10-12 at 19:32 +0200, Gaute Amundsen wrote: I thought the place to start wold be: /temp_folder/session_data/ I have built a small little thing to play with the contents of that. External method and script below. However I have not been able to figure out a way to connect these sessions with logged in users. There is no built-in connection between the two. If you want to do this, you need to use a user folder implementations that keeps credentials in the session. Hm.. ok. So what strategy would you chose? 1) Tweak ExuserFolder to put credentials in the session. 2) Use an addScript on session_data to put credentials in the session. 3) Use 1 or 2 to put credentials somewhere else? And thanks :) Probably 1, because it's possible for a session to be created without someone being logged in, and exUserFolder is probably really the only thing that knows when someone logs in and out. - C ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Determining user from session object - who is logged in?
On Wednesday 12 October 2005 22:58, Chris McDonough wrote: On Oct 12, 2005, at 4:50 PM, Gaute Amundsen wrote: On Wednesday 12 October 2005 20:19, Chris McDonough wrote: On Wed, 2005-10-12 at 19:32 +0200, Gaute Amundsen wrote: I thought the place to start wold be: /temp_folder/session_data/ I have built a small little thing to play with the contents of that. External method and script below. However I have not been able to figure out a way to connect these sessions with logged in users. There is no built-in connection between the two. If you want to do this, you need to use a user folder implementations that keeps credentials in the session. Hm.. ok. So what strategy would you chose? 1) Tweak ExuserFolder to put credentials in the session. 2) Use an addScript on session_data to put credentials in the session. 3) Use 1 or 2 to put credentials somewhere else? And thanks :) Probably 1, because it's possible for a session to be created without someone being logged in, and exUserFolder is probably really the only thing that knows when someone logs in and out. Well, I know that ther might easily be login less sessions, but, is it possible to log have session less logins? The first case would not be a problem. I expect one could easily detect the lack of userdata, and skip altering the session, and in that case would not an addScript let me solve this without resort to external methods, or product code? Gaute ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )