Hi Tom, > I just read your proposal and I think it would be nice to have such a > standard product in Zope. Certianly since lot's of these 'shopping carts' > websites are popping up on the internet. > I've however one question, which is more generally to e-commerce products > and which perhaps give this product this little extra then others. At the > moment all? these e-commerce products need 'cookies'. To which ecommerce products are you referring? > This implies that the > user needs to have this feature enabled. People who don't want cookies or > just don't know how to set it, will not be able to 'shop'. > Now, isn't there a possible solution for? Yes, url-rewriting. I even saw one product that went as far as too hook into DNS to dynamically create "fake" hosts on-the-fly to use as a session key. > Perhaps not that good as cookies, > but it can be a solution. I believe cookies are placed on the client > computer and that they can stay alive or be removed after a certain time. > So, isn't it possible to mimic these cookies on the server site (while the > session is active)? Mimic, no... not permanently, unless a rewritten URL is bookmarked. The server needs some indication on a request as to what session the client belongs to. Cookies provide this more or less transparently, while URL-rewriting is slightly more intrusive. > The only problem I see is that we need to be sure to > connect the correct server-file with the correct user. But isn't this > possible with information out of the HTTP request? Yes, a cookie or a URL (or POST variables) with a session key embedded somewhere. > This way we create a > file on the server (with a name which uniquely identifies the client) or > zope-object (but this gives the problem that the Zope database will rapidly > grow) A session manager which directly writes files onto the filesystem isn't a scalable solution (sessions cannot be shared across ZEO clients). This is why a nonundoable storage is a related deliverable in this proposal, as it can be shared from ZEO and mounted by several ZEO clients. > when the user starts shopping. When shopping is finished the file is > removed (and eg some information is send to another place sop that people > know something is ordered). The session manager itself checks if certain > session are abandoned and if one is not active (for 20 minutes) it deletes > the file). Yep, there are a few different kinds of garbage collection schemes we can use, this is one. > The contents of the file are the same as what you would place in > cookies. A cookie will almost always hold a session id, and maybe other metadata, but probably never any data used directly by the app. The app will go through the session manager, and won't need to know anything about the contents of the cookie. > If the product would have the possibility to have something like this extra > (ie. you can manually choose to have a client or server cookie (or you let > the product decide it automatically ie cookies on -> client cookie > otherwise server cookie)) this would be a nice thing for Zope againts is > competitors. There is no such thing as a server cookie, but a similar failover-to-URL-rewriting scheme can be made available to developers. _______________________________________________ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )