Session Crumbler

SessionCrumbler provides a session based login for user folders which do not support this.

Current release
Session Crumbler 0.2

Released Mar 14, 2006

Bugfix release (stable).
More about this release…

Download fileGet Session Crumbler for all platforms
Product Package

Project Description

SessionCrumbler provides a session based login for user folders which do not support this. The SessionCrumbler implementation relies on the CookieCrumbler from CMFCore and therefore requires CMFCore product. It is meant to be used in a CMF/Plone or icoya site to provide logins which can time out when the user hasn't done any action within a period of time.

Compared to CookieCrumbler the SessionCrumbler doesn't use a cookie to store the authentication information, but stores the __ac part inside the current user's Zope session (REQUEST.SESSION).

Installation

Copy this product into your Zope instance's Products folder and restart this instance. Afterwards open the ZMI and go into your portal folder. Remove the cookie_authentication object (CookieCrumbler) and add a new SessionCrumbler object with id session_authentication. The SessionCrumbler provides the same properties as the CookieCrumbler. So change their values if required.

NOTE: Only one crumbler can be installed into the same folder at the same time. So you have to remove the CookieCrumbler object before adding a SessionCrumbler.

Usage

Usage is exactly the same as for the CookieCrumbler. You need a login template which posts the required form keys (see properties) to your portal. Only the user name is stored inside a cookie if possible. Any- thing else is stored inside the session.

To configure the session timeout consult the zope session documentation and visit /temp_folder/session_data inside the ZMI.

NOTE: The session timeout is reset on every restart of Zope. To persistently configure the session timeout see the "session-timeout-minutes" directive inside your zope configuration (zope.conf). This only applies for zope 2.7 or higher though.

ZEO Users

Sessions are kept inside a RAM-based container which is not shared among ZEO clients. So if you are using multiple ZEO clients you need a single session folder. A quick solution to get this can be found at zopelabs.

Enjoy

I hope you enjoy using this software. If you have any comments, suggestions or would like to report a bug, send an email to the author:

Simon Eisenmann (simon@struktur.de)