Re: [Zope] generate unique user id, without cookies

2010-01-04 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jonathan (dev101) wrote:



> If you can't get cookies to work then you need to give users unique links 
> (ie. embed their id in an html link) or force the users to log in.

For ideas on how to do the URL-embedded session ID stuff, take a look at
the URL related APIs of the BrowserIdManager:

  - isBrowserIdFromUrl
  - encodeUrl
  - getAutoUrlEncoding
  - setAutoUrlEncoding

The last two are probably what you want:  if set, they cause all
generated URLs to include the prefix '/{browser_id_name}/{browser_id},
which then gets picked out of the URL and stashed during traversal:
this should give you the behavior you need, assuming that all URLs are
being generated using 'absolute_url' and friends.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktCPFwACgkQ+gerLs4ltQ4m0ACgxKqJXlwAunOYYlJqrnaKsemJ
7bQAnjsbKOt6lLMd4PUe5iGniKW0MdeB
=Xxka
-END PGP SIGNATURE-

___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] generate unique user id, without cookies

2010-01-04 Thread Jonathan (dev101)
> after having some weird issues with Sessions and ZEO usage I've found
> out part of the problem.
> It turns out certain browsers (IE6 mostly) save the session ID cookies,
> but sometimes these disappear. This results in a new _ZopeId being
> generated and thus the new session is empty.
>
> At first i thought it was a session product problem, but in recreating
> this with my own session management (mysql based) the same issue arises.
>
> I don't know why this happens, the only obstacle I'm facing now is to
> create an adequate solution ;)

The cookie approach should work.  You should be able to set persistent 
cookies on the client browsers (unless the browser has cookies disabled, in 
which case you should tell the user that they must enable cookies if they 
want to proceed).

If you can't set persistent cookies then it could be due to a cross-browser 
scripting problem (ie. you are setting a cookie within an iframe that is 
loaded from a third-party site) or you are not setting the appropriate 
fields in the cookie to make it persistent.

You should try to investigate the cause of the "cookie disappearance" (use a 
tool to look at the http headers that are sent/received).

If you can't get cookies to work then you need to give users unique links 
(ie. embed their id in an html link) or force the users to log in.


Jonathan 

___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )


[Zope] generate unique user id, without cookies

2010-01-04 Thread Marko Kruijer
after having some weird issues with Sessions and ZEO usage I've found 
out part of the problem.
It turns out certain browsers (IE6 mostly) save the session ID cookies, 
but sometimes these disappear. This results in a new _ZopeId being 
generated and thus the new session is empty.

At first i thought it was a session product problem, but in recreating 
this with my own session management (mysql based) the same issue arises.

I don't know why this happens, the only obstacle I'm facing now is to 
create an adequate solution ;)

Because the cookie method is not flawless we've decided to create a way 
to uniquely determine a user without using a client side cookie, we are 
already using the IP address for this, Of course that is not enough, so 
I was wondering what other 'unique' elements could be used for this. 
I've thought about adding user agent, but this is to general I think.

Internal IP would be ideal, but I'm not sure this can be done (probably 
not).

Maybe there are also 'other' zope session products that work in another 
way and might fix my problems as a whole?





 
___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )