czimmet

Future versions of CookieLess can be found by clicking here

CookieLess

The CookieLess product provides in memory session management via URL rewriting. To enable session tracking, you simply create a folder and put your objects under the folder. When accessing your objects for the first time a session will be created and your url will be rewritten.

For example, if you create a CookieLessSessionManager folder called cookieless, then :

        http://mysite/cookieless/index_html

would be automatically redirected and remapped to :

        http://mysite/cookieless/S__sessionid/index_html  

to store objects via dtml :

        <dtml-call "Session.set('myVariable','somevalue')>

to access myVariable in a later page :

        <dtml-var myVariable>

to ensure that the variable is taken exclusively from the Session object :

        <dtml-with Session only>
                <dtml-var myVariable>
        </dtml-with>

Usage -

Session methods :

                setTimeOut(self,minutes) - set the timeout time. 
                creationTime(self) - returns a DateTime object set to the creation time
                set(self,key,value) - stores a value in the session
                clear(self) - clears all session variables
                keys(self) - returns a list of session variable keys
                get(self,key) - returns the value associated with a particular key
                items(self) - a copy of the list of (key,value) pairs
                has_key(self, key) - returns 1 if session has a key, else 0

Session variables :

                accessedTime - the last time a session was accessed
                timeout - the time in minutes 
                Session - exposes the SessionInstance more easily to dtml
                SESSIONROOT - The absolute url concatenated with the session id

Session Folder Properties :

        expiryURL - optional URL to which Session timeouts will be redirected.
        BypassSessionMgr - When selected turns off CookieLess Session Management. (Use with caution.  Should not be used on a live site)
        timeout - the time in minutes before a session expires.

Known Bugs -

• Session Timeout thread issues a message :

          currentThread(): no current thread for #### on thread startup.
  

• Odd exception with threading in _checkExpired made me put a :

          try: 
          except: pass
  
          However, no visible impact occured in the functionality of the product.
  

• onSessionStartup is called before an AUTHENTICATED_USER is obtained

Changes -

• 0.0.6b (2001/04/19)
  • Added setWORM to make a Session property read only
  • Changed name of __call__ to _newSession due to inner workings of Zope calling this method unexpectedly.
  • Added Thilo Ernst's change for an optional expiryURL property that is used on to redirect on session expiration
  • Added Thilo Ernst's change for a SESSIONROOT property
  • Added Thilo Ernst's fix for a missing tail in the URL: # REQUEST as seen in __bobo_traverse__ # is not the original HTTP request; the URLs are stripped at # the element currently traversed # fortunately the original URL can be reconstructed using # REQUEST['TraversalRequestNameStack'] which contains a (reverse) # list of the missing elements
• 0.0.5b (2000/11/06)
  • Fixed problem in which CookieLessSessionManager would only work when installed directly under the root.
• 0.0.4b (2000/10/11)
  • Fixed Permission problem with SessionInstance
  • SessionInstance no longer inherits from SimpleItem.
• 0.0.3b (2000/10/10)
  • Minor bug fix for not putting manage screens under Session control
  • Changed License to Open Source
• 0.0.2b (2000/10/05)
  • Added default timeout property to the folder
  • Exposed the timeout variable through Session.setTimeOut(minutes)
  • Added creationTime method to get the session's creation time
  • added more documentation in README.txt
  • changed session identifier from $ to S__. Python/Zope internally converts the $ to %24 causing problems with other products.