[Twisted-Python] twisted.web.woven.guard.SessionWrapper problems

Matthias Urlichs smurf at smurf.noris.de
Tue May 13 04:24:14 EDT 2003


Hi,

Glyph Lefkowitz wrote:
> What's problematic about this is that if the user bookmarks a page, or
> exchanges a link, I want to initialize the session without changing the
> URL.  In fact, it's somewhat pointless to have a URL (stateless location
> identifier) that specifically only works if you've initiated a stateful
> conversation.

Well, the whole point of SessionWrapper is that you force a stateful
conversation, otherwise the link wouldn't be behind a session in the first
place. ;-)

Bookmarked links are not a big problem IMHO; the user logged in once, and
they'll unerstand that they'll have to log in again. If that turns out to
be a usability problem, the webmaster could add a "Please use _this_link_
if you want to bookmark this page" footer.

Next on my list will be to understand perspectives and PerspectiveWrapper
and t.w.w.forms in sufficient detail that I can refactor the thing. The
login page is much too static for my taste... plus there might be other
ways to log somebody in than to use a form.

> This, however, I like.  I don't know if cookieKey is the right thing to
> use in the URL there, but having relative URLs that match regardless of
> your session negotiation strategy is a _big_ plus

I think so too. I can't think of anything else to use there that makes
sense; the cookie key is already transmitted to the user anyway. Usually,
if you want "real" persistence, you don't let Twisted randomize it, and
thus it tends to be reasonably short (see Yahoo for an extreme example;
they use single letters... that takes things too far though, IMHO).

-- 
Matthias Urlichs  | {M:U} IT Consulting @ m-u-it.de  |  smurf at smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
-- 
"I realized that a psychological need for belief also
 resulted from childhood indoctrination, and that it
 had all the characteristics of addiction."
         [Neal Cary, American Atheists
          National Outreach Director]





More information about the Twisted-Python mailing list