Commit d4c75698 authored by Chris McDonough's avatar Chris McDonough

As per suggestions by Amos, I changed the terminology used by the browser id...

As per suggestions by Amos, I changed the terminology used by the browser id manager and session data manager.  Previous to the change, browser ids were known as "tokens".  I've changed this to "browser id" in the docs as well as in all API methods that used the name "token".  Interfaces, permissions, and help have been updated with the changes.
parent 06dfed3b
...@@ -90,7 +90,6 @@ from SessionPermissions import * ...@@ -90,7 +90,6 @@ from SessionPermissions import *
from common import DEBUG from common import DEBUG
from ZPublisher.BeforeTraverse import registerBeforeTraverse, \ from ZPublisher.BeforeTraverse import registerBeforeTraverse, \
unregisterBeforeTraverse unregisterBeforeTraverse
import traceback
BID_MGR_NAME = 'browser_id_manager' BID_MGR_NAME = 'browser_id_manager'
...@@ -103,8 +102,8 @@ constructSessionDataManagerForm = Globals.DTMLFile('dtml/addDataManager', ...@@ -103,8 +102,8 @@ constructSessionDataManagerForm = Globals.DTMLFile('dtml/addDataManager',
ADD_SESSION_DATAMANAGER_PERM="Add Session Data Manager" ADD_SESSION_DATAMANAGER_PERM="Add Session Data Manager"
def constructSessionDataManager(self, id, title='', path=None, requestName=None, def constructSessionDataManager(self, id, title='', path=None,
REQUEST=None): requestName=None, REQUEST=None):
""" """ """ """
ob = SessionDataManager(id, path, title, requestName) ob = SessionDataManager(id, path, title, requestName)
self._setObject(id, ob) self._setObject(id, ob)
...@@ -150,7 +149,7 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs): ...@@ -150,7 +149,7 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
security.declareProtected(ACCESS_SESSIONDATA_PERM, 'getSessionData') security.declareProtected(ACCESS_SESSIONDATA_PERM, 'getSessionData')
def getSessionData(self, create=1): def getSessionData(self, create=1):
""" """ """ """
key = self.getBrowserIdManager().getToken(create=create) key = self.getBrowserIdManager().getBrowserId(create=create)
if key is not None: if key is not None:
return self._getSessionDataObject(key) return self._getSessionDataObject(key)
...@@ -179,23 +178,23 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs): ...@@ -179,23 +178,23 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
self.id = id self.id = id
self.setContainerPath(path) self.setContainerPath(path)
self.setTitle(title) self.setTitle(title)
self._requestSessionName = requestName
if requestName:
self._requestSessionName=requestName
else:
self._requestSessionName=None
security.declareProtected(CHANGE_DATAMGR_PERM, 'manage_changeSDM') security.declareProtected(CHANGE_DATAMGR_PERM, 'manage_changeSDM')
def manage_changeSDM(self, title, path=None, requestName=None, REQUEST=None): def manage_changeSDM(self, title, path=None, requestName=None,
REQUEST=None):
""" """ """ """
self.setContainerPath(path) self.setContainerPath(path)
self.setTitle(title) self.setTitle(title)
if requestName: if requestName:
self.updateTraversalData(requestName) if requestName != self._requestSessionName:
self.updateTraversalData(requestName)
else: else:
self.updateTraversalData(None) self.updateTraversalData(None)
if REQUEST is not None: if REQUEST is not None:
return self.manage_sessiondatamgr(self, REQUEST) return self.manage_sessiondatamgr(
self, REQUEST, manage_tabs_message = 'Changes saved.'
)
security.declareProtected(CHANGE_DATAMGR_PERM, 'setTitle') security.declareProtected(CHANGE_DATAMGR_PERM, 'setTitle')
def setTitle(self, title): def setTitle(self, title):
...@@ -271,8 +270,8 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs): ...@@ -271,8 +270,8 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
string.join(self.obpath,'/') string.join(self.obpath,'/')
) )
security.declareProtected(MGMT_SCREEN_PERM, 'getrequestName') security.declareProtected(MGMT_SCREEN_PERM, 'getRequestName')
def getrequestName(self): def getRequestName(self):
""" """ """ """
return self._requestSessionName or '' return self._requestSessionName or ''
...@@ -285,9 +284,8 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs): ...@@ -285,9 +284,8 @@ class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
self.updateTraversalData(None) self.updateTraversalData(None)
def updateTraversalData(self, requestSessionName=None): def updateTraversalData(self, requestSessionName=None):
# Note this cant be called directly at add -- manage_afterAdd will work # Note this cant be called directly at add -- manage_afterAdd will
# though. # work though.
parent = self.aq_inner.aq_parent parent = self.aq_inner.aq_parent
if getattr(self,'_hasTraversalHook', None): if getattr(self,'_hasTraversalHook', None):
......
...@@ -96,92 +96,92 @@ class BrowserIdManagerInterface( ...@@ -96,92 +96,92 @@ class BrowserIdManagerInterface(
A Zope Browser Id Manager is responsible for assigning ids to site A Zope Browser Id Manager is responsible for assigning ids to site
visitors, and for servicing requests from Session Data Managers visitors, and for servicing requests from Session Data Managers
related to the browser token. related to the browser id.
""" """
def encodeUrl(self, url): def encodeUrl(self, url):
""" """
Encodes a provided URL with the current request's browser token Encodes a provided URL with the current request's browser id
and returns the result. For example, the call and returns the result. For example, the call
encodeUrl('http://foo.com/amethod') might return encodeUrl('http://foo.com/amethod') might return
'http://foo.com/amethod?_ZopeId=as9dfu0adfu0ad'. 'http://foo.com/amethod?_ZopeId=as9dfu0adfu0ad'.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current session token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def getTokenKey(self): def getBrowserIdName(self):
""" """
Returns a string with the name of the cookie/form variable which is Returns a string with the name of the cookie/form variable which is
used by the current browser id manager as the name to look up when used by the current browser id manager as the name to look up when
attempting to obtain the browser token value. For example, '_ZopeId'. attempting to obtain the browser id value. For example, '_ZopeId'.
Permission required: Access contents information Permission required: Access contents information
""" """
def getToken(self, create=1): def getBrowserId(self, create=1):
""" """
If create=0, returns a the current browser token or None if there If create=0, returns a the current browser id or None if there
is no browser token associated with the current request. If create=1, is no browser id associated with the current request. If create=1,
returns the current browser token or a newly-created browser token if returns the current browser id or a newly-created browser id if
there is no browser token associated with the current request. This there is no browser id associated with the current request. This
method is useful in conjunction with getTokenKey if you wish to embed method is useful in conjunction with getBrowserIdName if you wish to
the token-key/token combination as a hidden value in a POST-based embed the browser-id-name/browser-id combination as a hidden value in
form. The browser token is opaque, has no business meaning, and its a POST-based form. The browser id is opaque, has no business meaning,
length, type, and composition are subject to change. and its length, type, and composition are subject to change.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If ill-formed browser token Raises: BrowserIdManagerErr. If ill-formed browser id
is found in REQUEST. is found in REQUEST.
""" """
def hasToken(self): def hasBrowserId(self):
""" """
Returns true if there is a browser token for this request. Returns true if there is a browser id for this request.
Permission required: Access contents information Permission required: Access contents information
""" """
def isTokenNew(self): def isBrowserIdNew(self):
""" """
Returns true if browser token is 'new'. A browser token is 'new' Returns true if browser id is 'new'. A browser id is 'new'
when it is first created and the client has therefore not sent it when it is first created and the client has therefore not sent it
back to the server in any request. back to the server in any request.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def isTokenFromForm(self): def isBrowserIdFromForm(self):
""" """
Returns true if browser token comes from a form variable (query Returns true if browser id comes from a form variable (query
string or post). string or post).
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def isTokenFromCookie(self): def isBrowserIdFromCookie(self):
""" """
Returns true if browser token comes from a cookie. Returns true if browser id comes from a cookie.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def flushTokenCookie(self): def flushBrowserIdCookie(self):
""" """
Deletes the token cookie from the client browser, iff the Deletes the browser id cookie from the client browser, iff the
'cookies' token key namespace is being used. 'cookies' browser id namespace is being used.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If the 'cookies' namespace isn't Raises: BrowserIdManagerErr. If the 'cookies' namespace isn't
a token key namespace at the time of the call. a browser id namespace at the time of the call.
""" """
class SessionDataManagerInterface( class SessionDataManagerInterface(
...@@ -193,7 +193,7 @@ class SessionDataManagerInterface( ...@@ -193,7 +193,7 @@ class SessionDataManagerInterface(
A Zope Session Data Manager is responsible for maintaining Session A Zope Session Data Manager is responsible for maintaining Session
Data Objects, and for servicing requests from application code Data Objects, and for servicing requests from application code
related to Session Data Objects. It also communicates with a Browser related to Session Data Objects. It also communicates with a Browser
Id Manager to provide information about browser tokens. Id Manager to provide information about browser ids.
""" """
def getBrowserIdManager(self): def getBrowserIdManager(self):
""" """
...@@ -207,9 +207,9 @@ class SessionDataManagerInterface( ...@@ -207,9 +207,9 @@ class SessionDataManagerInterface(
def getSessionData(self, create=1): def getSessionData(self, create=1):
""" """
Returns a Session Data Object associated with the current Returns a Session Data Object associated with the current
browser token. If there is no current token, and create is true, browser id. If there is no current browser id, and create is true,
returns a new Session Data Object. If there is no current returns a new Session Data Object. If there is no current
token and create is false, returns None. browser id and create is false, returns None.
Permission required: Access session data Permission required: Access session data
""" """
...@@ -217,7 +217,7 @@ class SessionDataManagerInterface( ...@@ -217,7 +217,7 @@ class SessionDataManagerInterface(
def hasSessionData(self): def hasSessionData(self):
""" """
Returns true if a Session Data Object associated with the Returns true if a Session Data Object associated with the
current browser token is found in the Session Data Container. Does current browser id is found in the Session Data Container. Does
not create a Session Data Object if one does not exist. not create a Session Data Object if one does not exist.
Permission required: Access session data Permission required: Access session data
......
...@@ -80,5 +80,5 @@ MGMT_SCREEN_PERM = 'View management screens' ...@@ -80,5 +80,5 @@ MGMT_SCREEN_PERM = 'View management screens'
ACCESS_CONTENTS_PERM = 'Access contents information' ACCESS_CONTENTS_PERM = 'Access contents information'
ACCESS_SESSIONDATA_PERM = 'Access session data' ACCESS_SESSIONDATA_PERM = 'Access session data'
ARBITRARY_SESSIONDATA_PERM = 'Access arbitrary user session data' ARBITRARY_SESSIONDATA_PERM = 'Access arbitrary user session data'
CHANGE_IDMGR_PERM = 'Change Session Id Manager' CHANGE_IDMGR_PERM = 'Change Browser Id Manager'
MANAGE_CONTAINER_PERM = 'Manage Session Data Container' MANAGE_CONTAINER_PERM = 'Manage Session Data Container'
...@@ -15,7 +15,7 @@ objects. Developers interact with a Session Data Manager in order to store ...@@ -15,7 +15,7 @@ objects. Developers interact with a Session Data Manager in order to store
and retrieve information during a user session. A Session Data Manager and retrieve information during a user session. A Session Data Manager
communicates with a Browser Id Manager to determine the session information communicates with a Browser Id Manager to determine the session information
for the current user, and hands out Session Data Objects related to that for the current user, and hands out Session Data Objects related to that
user obtained from a Transient Object Container. user.
</div> </div>
</tr> </tr>
<TR> <TR>
...@@ -58,7 +58,7 @@ user obtained from a Transient Object Container. ...@@ -58,7 +58,7 @@ user obtained from a Transient Object Container.
</td> </td>
<td align="LEFT" valign="TOP"> <td align="LEFT" valign="TOP">
<input class="form-element" type="TEXT" name="requestName" <input class="form-element" type="TEXT" name="requestName"
value="SESSION"> value="SESSION">
</td> </td>
</tr> </tr>
......
...@@ -9,13 +9,20 @@ ...@@ -9,13 +9,20 @@
<input type=hidden name="id" value="browser_id_manager"> <input type=hidden name="id" value="browser_id_manager">
<TABLE CELLSPACING="2"> <TABLE CELLSPACING="2">
<tr> <tr>
<td>&nbsp;</td>
</tr>
<tr>
<div class="form-help"> <div class="form-help">
Zope Browser Id Manager objects perform the task of setting and retrieving Zope Browser Id Manager objects allow Zope to differentiate between site
Zope browser ids for remote users. They are used primarily by Session visitors by "tagging" each of their browsers with a unique identifier. This
Data Manager objects. A Browser Id Manager's 'id' must always be is useful if you need to tell visitors apart from one another even if they do
'browser_id_manager' in order for it to be found by Session Data Managers. not "log in" to your site. Browser Id Managers are generally used
by interacting with the Zope sessioning machinery.
</div> </div>
</tr> </tr>
<tr>
<td>&nbsp;</td>
</tr>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label"> <div class="form-label">
...@@ -23,7 +30,7 @@ Data Manager objects. A Browser Id Manager's 'id' must always be ...@@ -23,7 +30,7 @@ Data Manager objects. A Browser Id Manager's 'id' must always be
</div> </div>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label">This object's Zope id will be<br> <div class="form-label">This object's Zope id must be<br>
"browser_id_manager" "browser_id_manager"
</div> </div>
</TD> </TD>
...@@ -41,56 +48,51 @@ Data Manager objects. A Browser Id Manager's 'id' must always be ...@@ -41,56 +48,51 @@ Data Manager objects. A Browser Id Manager's 'id' must always be
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label"> <div class="form-label">
Browser Token Key Browser Id Name
</div> </div>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="tokenkey" SIZE="20" value="_ZopeId"> <INPUT TYPE="TEXT" NAME="idname" SIZE="20" value="_ZopeId">
</TD> </TD>
</TR> </TR>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
</tr> </tr>
<th align="left"><strong><em>Token Key Search Namespaces</strong></em></th>
<th align="left"><strong><em>Priority (1 is highest)</strong></em></th>
<tr> <tr>
<th align=left class="form-label">Cookies</th> <td>
<td> <div align=left class="form-label">Look for Browser Id Name in</th>
<table border=1> </td>
<tr> <td>
<td align=left> <table border=0>
<input type="radio" name="cookiepri:int" value="1" CHECKED> 1 <tr>
</td>
<td align=left> <td align=left>
<input type="radio" name="cookiepri:int" value="2"> 2 <input type="radio" name="location" value="cookiesonly"> Cookies only
</td> </td>
</tr>
<tr>
<td align=left> <td align=left>
<input type="radio" name="cookiepri:int" value="0"> Off <input type="radio" name="location" value="cookiesthenform" CHECKED> Cookies then form
</td> </td>
</tr>
</table>
</td>
</tr> </tr>
<tr> <tr>
<th align=left class="form-label">Form vars</th>
<td align=left> <td align=left>
<table border=1> <input type="radio" name="location" value="formonly"> Form only
<tr> </td>
<td align=left> </tr>
<input type="radio" name="formpri:int" value="1"> 1 <tr>
</td>
<td align=left> <td align=left>
<input type="radio" name="formpri:int" value="2" CHECKED> 2 <input type="radio" name="location" value="formthencookies"> Form then cookies
</td> </td>
<td align=left>
<input type="radio" name="formpri:int" value="0"> Off
</td> </tr>
</table>
</td>
</tr> </tr>
<td>&nbsp;</td> </table>
</td>
</tr>
<tr> <tr>
<td>&nbsp;</td>
</tr> </tr>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label"> <div class="form-label">
......
...@@ -8,6 +8,20 @@ ...@@ -8,6 +8,20 @@
<form action="manage_changeSDM" method="post"> <form action="manage_changeSDM" method="post">
<table cellspacing="2"> <table cellspacing="2">
<tr><td>&nbsp;</td></tr>
<tr>
<td class="form-help" colspan=2>
A Session Data Manager object is responsible for maintaining a
relationship between session data objects and Zope browser ids.
It is part of the Zope sessioning machinery. Programmers may
interact with a session data manager in order to obtain
information about session data, but will more often use the
REQUEST.SESSION object to do sessioning-related tasks.
</td>
</tr>
<tr><td>&nbsp;</td></tr>
<tr> <tr>
<td align="left" valign="top"> <td align="left" valign="top">
<div class="form-label"> <div class="form-label">
...@@ -40,7 +54,7 @@ ...@@ -40,7 +54,7 @@
</td> </td>
<td align="LEFT" valign="TOP"> <td align="LEFT" valign="TOP">
<input class="form-element" type="TEXT" name="requestName" <input class="form-element" type="TEXT" name="requestName"
value="&dtml-getrequestName;"> value="&dtml-getRequestName;">
</td> </td>
</tr> </tr>
<tr> <tr>
......
...@@ -7,20 +7,21 @@ ...@@ -7,20 +7,21 @@
<FORM ACTION="manage_changeBrowserIdManager" METHOD="POST"> <FORM ACTION="manage_changeBrowserIdManager" METHOD="POST">
<TABLE CELLSPACING="2"> <TABLE CELLSPACING="2">
<TR> <tr>
<dtml-comment> <td>&nbsp;<td>
<TD ALIGN="LEFT" VALIGN="TOP"> </tr>
<div class="form-label"> <tr class="form-help">
Browser Id Mgr On <td colspan=2>
</div> Zope Browser Id Manager objects allow Zope to differentiate between site
</TD> visitors by "tagging" each of their browsers with a unique identifier. This
<TD ALIGN="LEFT" VALIGN="TOP"> is useful if you need to tell visitors apart from one another even if they do
<INPUT TYPE="checkbox" NAME="on" not "log in" to your site. Browser Id Managers are generally used
<dtml-if isOn>CHECKED</dtml-if>> by interacting with the Zope sessioning machinery.
</TD> </td>
</dtml-comment> </tr>
<input type="hidden" name="on" value="1"> <tr>
</TR> <td>&nbsp;<td>
</tr>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label"> <div class="form-label">
...@@ -34,57 +35,50 @@ ...@@ -34,57 +35,50 @@
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label"> <div class="form-label">
Browser Token Key Browser Id Name
</div> </div>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<INPUT TYPE="TEXT" NAME="tokenkey" SIZE="20" value="&dtml-getTokenKey;"> <INPUT TYPE="TEXT" NAME="idname" SIZE="20" value="&dtml-getBrowserIdName;">
</TD> </TD>
</TR> </TR>
<th align=left><strong><em>Token Key Search Namespaces</strong></em></th>
<th align=left><strong><em>Priority</strong></em> (1 is highest)</th> <dtml-let loc=getBrowserIdLocation>
<tr>
<td>
<div align=left class="form-label">Look for Browser Id Name in</th>
</td>
<td>
<table border=0>
<tr> <tr>
<th align=left class="form-label">Cookies</th>
<td align=left>
<table border=1>
<tr>
<td align=left>
<input type="radio" name="cookiepri:int" value="1"
<dtml-if "getTokenKeyNamespaces().get(1, _.None) == 'cookies'">CHECKED</dtml-if>>1
</td>
<td align=left>
<input type="radio" name="cookiepri:int" value="2"
<dtml-if "getTokenKeyNamespaces().get(2, _.None) == 'cookies'">CHECKED</dtml-if>>2
</td>
<td align=left> <td align=left>
<input type="radio" name="cookiepri:int" value="0" <input type="radio" name="location" value="cookiesonly"
<dtml-if "'cookies' not in getTokenKeyNamespaces().values()">CHECKED</dtml-if>>Off <dtml-if "loc=='cookiesonly'">CHECKED</dtml-if>> Cookies only
</td>
</tr>
</table>
</td> </td>
</tr> </tr>
<tr> <tr>
<th align=left class="form-label">Form vars</th>
<td align=left> <td align=left>
<table border=1> <input type="radio" name="location" value="cookiesthenform"
<tr> <dtml-if "loc=='cookiesthenform'">CHECKED</dtml-if>> Cookies then form
<td align=left>
<input type="radio" name="formpri:int" value="1"
<dtml-if "getTokenKeyNamespaces().get(1, _.None) == 'form'">CHECKED</dtml-if>>1
</td> </td>
</tr>
<tr>
<td align=left> <td align=left>
<input type="radio" name="formpri:int" value="2" <input type="radio" name="location" value="formonly"
<dtml-if "getTokenKeyNamespaces().get(2, _.None) == 'form'">CHECKED</dtml-if>>2 <dtml-if "loc=='formonly'">CHECKED</dtml-if>> Form only
</td> </td>
</tr>
<tr>
<td align=left> <td align=left>
<input type="radio" name="formpri:int" value="0" <input type="radio" name="location" value="formthencookies"
<dtml-if "'form' not in getTokenKeyNamespaces().values()">CHECKED</dtml-if>>Off <dtml-if "loc=='formthencookies'">CHECKED</dtml-if>> Form then cookies
</td>
</tr>
</table>
</td> </td>
</tr> </tr>
</table>
</td>
</tr>
</dtml-let>
<TR> <TR>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
<div class="form-label"> <div class="form-label">
...@@ -107,7 +101,7 @@ ...@@ -107,7 +101,7 @@
<div class="form-help"> <div class="form-help">
leave blank to send cookies without domain <br> leave blank to send cookies without domain <br>
info -- however, if cookie domain is not blank,<br> info -- however, if cookie domain is not blank,<br>
it must contain at least two dots) it must contain at least two dots
</div> </div>
</TD> </TD>
<TD ALIGN="LEFT" VALIGN="TOP"> <TD ALIGN="LEFT" VALIGN="TOP">
......
...@@ -96,92 +96,92 @@ class BrowserIdManagerInterface( ...@@ -96,92 +96,92 @@ class BrowserIdManagerInterface(
A Zope Browser Id Manager is responsible for assigning ids to site A Zope Browser Id Manager is responsible for assigning ids to site
visitors, and for servicing requests from Session Data Managers visitors, and for servicing requests from Session Data Managers
related to the browser token. related to the browser id.
""" """
def encodeUrl(self, url): def encodeUrl(self, url):
""" """
Encodes a provided URL with the current request's browser token Encodes a provided URL with the current request's browser id
and returns the result. For example, the call and returns the result. For example, the call
encodeUrl('http://foo.com/amethod') might return encodeUrl('http://foo.com/amethod') might return
'http://foo.com/amethod?_ZopeId=as9dfu0adfu0ad'. 'http://foo.com/amethod?_ZopeId=as9dfu0adfu0ad'.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current session token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def getTokenKey(self): def getBrowserIdName(self):
""" """
Returns a string with the name of the cookie/form variable which is Returns a string with the name of the cookie/form variable which is
used by the current browser id manager as the name to look up when used by the current browser id manager as the name to look up when
attempting to obtain the browser token value. For example, '_ZopeId'. attempting to obtain the browser id value. For example, '_ZopeId'.
Permission required: Access contents information Permission required: Access contents information
""" """
def getToken(self, create=1): def getBrowserId(self, create=1):
""" """
If create=0, returns a the current browser token or None if there If create=0, returns a the current browser id or None if there
is no browser token associated with the current request. If create=1, is no browser id associated with the current request. If create=1,
returns the current browser token or a newly-created browser token if returns the current browser id or a newly-created browser id if
there is no browser token associated with the current request. This there is no browser id associated with the current request. This
method is useful in conjunction with getTokenKey if you wish to embed method is useful in conjunction with getBrowserIdName if you wish to
the token-key/token combination as a hidden value in a POST-based embed the browser-id-name/browser-id combination as a hidden value in
form. The browser token is opaque, has no business meaning, and its a POST-based form. The browser id is opaque, has no business meaning,
length, type, and composition are subject to change. and its length, type, and composition are subject to change.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If ill-formed browser token Raises: BrowserIdManagerErr. If ill-formed browser id
is found in REQUEST. is found in REQUEST.
""" """
def hasToken(self): def hasBrowserId(self):
""" """
Returns true if there is a browser token for this request. Returns true if there is a browser id for this request.
Permission required: Access contents information Permission required: Access contents information
""" """
def isTokenNew(self): def isBrowserIdNew(self):
""" """
Returns true if browser token is 'new'. A browser token is 'new' Returns true if browser id is 'new'. A browser id is 'new'
when it is first created and the client has therefore not sent it when it is first created and the client has therefore not sent it
back to the server in any request. back to the server in any request.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def isTokenFromForm(self): def isBrowserIdFromForm(self):
""" """
Returns true if browser token comes from a form variable (query Returns true if browser id comes from a form variable (query
string or post). string or post).
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def isTokenFromCookie(self): def isBrowserIdFromCookie(self):
""" """
Returns true if browser token comes from a cookie. Returns true if browser id comes from a cookie.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If there is no current browser token. Raises: BrowserIdManagerErr. If there is no current browser id.
""" """
def flushTokenCookie(self): def flushBrowserIdCookie(self):
""" """
Deletes the token cookie from the client browser, iff the Deletes the browser id cookie from the client browser, iff the
'cookies' token key namespace is being used. 'cookies' browser id namespace is being used.
Permission required: Access contents information Permission required: Access contents information
Raises: BrowserIdManagerErr. If the 'cookies' namespace isn't Raises: BrowserIdManagerErr. If the 'cookies' namespace isn't
a token key namespace at the time of the call. a browser id namespace at the time of the call.
""" """
class SessionDataManagerInterface( class SessionDataManagerInterface(
...@@ -193,7 +193,7 @@ class SessionDataManagerInterface( ...@@ -193,7 +193,7 @@ class SessionDataManagerInterface(
A Zope Session Data Manager is responsible for maintaining Session A Zope Session Data Manager is responsible for maintaining Session
Data Objects, and for servicing requests from application code Data Objects, and for servicing requests from application code
related to Session Data Objects. It also communicates with a Browser related to Session Data Objects. It also communicates with a Browser
Id Manager to provide information about browser tokens. Id Manager to provide information about browser ids.
""" """
def getBrowserIdManager(self): def getBrowserIdManager(self):
""" """
...@@ -207,9 +207,9 @@ class SessionDataManagerInterface( ...@@ -207,9 +207,9 @@ class SessionDataManagerInterface(
def getSessionData(self, create=1): def getSessionData(self, create=1):
""" """
Returns a Session Data Object associated with the current Returns a Session Data Object associated with the current
browser token. If there is no current token, and create is true, browser id. If there is no current browser id, and create is true,
returns a new Session Data Object. If there is no current returns a new Session Data Object. If there is no current
token and create is false, returns None. browser id and create is false, returns None.
Permission required: Access session data Permission required: Access session data
""" """
...@@ -217,7 +217,7 @@ class SessionDataManagerInterface( ...@@ -217,7 +217,7 @@ class SessionDataManagerInterface(
def hasSessionData(self): def hasSessionData(self):
""" """
Returns true if a Session Data Object associated with the Returns true if a Session Data Object associated with the
current browser token is found in the Session Data Container. Does current browser id is found in the Session Data Container. Does
not create a Session Data Object if one does not exist. not create a Session Data Object if one does not exist.
Permission required: Access session data Permission required: Access session data
......
Browser Id Manager - Add Browser Id Manager - Add
Though you'll likely interact mostly with "session data manager" A browser id manager is an object which identifies visitors
objects while you develop session-aware code, before you can to your site, even if they don't log in. Browser id managers
instantiate a session data manager object, you must instantiate a are part of the Zope sessioning machinery.
"browser id manager." A browser id manager is an object which
doles out and otherwise manages session tokens. All session
data managers need to talk to a browser id manager to get token
information.
You can add an initial browser id manager anywhere in your Zope
tree, but chances are you'll want to create it in your root
folder if you don't anticipate the need for multiple browser id
managers. In other words, just put one browser id manager in
the root Folder unless you have special needs. In the container
of your choosing, select "Browser Id Manager" from the add
dropdown list in the Zope management interface.
Form options available are: Form options available are:
id -- you cannot choose an 'id' for your browser id manager. Id -- you cannot choose an 'id' for your browser id manager.
It must always be "browser_id_manager". Additionally, you cannot It must always be "browser_id_manager". Additionally, you cannot
rename a browser id manager. This is required in the current rename a browser id manager. This is required in the current
implementation so that session data managers can find browser implementation so that session data managers can find browser
id managers via Zope acquisition. This may be changed in a id managers via Zope acquisition. This may be changed in a
later release. later release.
title -- the browser id manager title. Title -- the browser id manager title.
session token key -- the cookie name and/or form variable name Look for browser id name in -- the cookie name and/or form variable name
used for this browser id manager instance. This will be the used for this browser id manager instance. This will be the
name looked up in the 'cookies' or 'form' REQUEST namespaces name looked up in the 'cookies' or 'form' REQUEST namespaces
when the browser id manager attempts to find a cookie or form when the browser id manager attempts to find a cookie or form
variable with a session token in it. variable with a browser id in it.
token key search namespaces -- choose a "priority" for each Browser id location -- select from one of the available
token key namespace. A priority of "1" is highest. For lookup ordering schemes involving cookies and forms
instance, setting 'cookies' to '1' and 'form vars' to '2'
means that the browser id manager checks for cookies with a Cookie path -- this is the 'path' element which should be sent
session token first, then form variables second. Choosing
"off" for either 'cookies' or 'form vars' entirely excludes
that namespace from being searched for a session token. The
namepace identifiers ('cookies' and 'form') refer to the
REQUEST namespaces searched for the token key
(ie. REQUEST.cookies, REQUEST.form).
cookie path -- this is the 'path' element which should be sent
in the session token cookie. For more information, see the in the session token cookie. For more information, see the
Netscape Cookie specification at Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html. http://home.netscape.com/newsref/std/cookie_spec.html.
cookie domain -- this is the "domain" element which should be Cookie domain -- this is the "domain" element which should be
sent in the session token cookie. For more information, see sent in the browser id cookie. For more information, see
the Netscape Cookie specification at the Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html. http://home.netscape.com/newsref/std/cookie_spec.html.
Leaving this form element blank results in no domain element Leaving this form element blank results in no domain element
...@@ -58,12 +38,12 @@ Browser Id Manager - Add ...@@ -58,12 +38,12 @@ Browser Id Manager - Add
value you enter must have at least two dots (as per the cookie value you enter must have at least two dots (as per the cookie
spec). spec).
cookie lifetime in days -- browser id cookies sent to browsers Cookie lifetime in days -- browser id cookies sent to browsers
will last this many days on a remote system before expiring if will last this many days on a remote system before expiring if
this value is set. If this value is 0, cookies will persist this value is set. If this value is 0, cookies will persist
on client browsers for only as long as the browser is open. on client browsers for only as long as the browser is open.
only send cookie over https -- if this flag is set, only send Only send cookie over https -- if this flag is set, only send
cookies to remote browsers if they're communicating with us cookies to remote browsers if they're communicating with us
over https. The browser id cookie sent under this over https. The browser id cookie sent under this
circumstance will also have the 'secure' flag set in it, which circumstance will also have the 'secure' flag set in it, which
...@@ -81,24 +61,18 @@ Browser Id Manager - Add ...@@ -81,24 +61,18 @@ Browser Id Manager - Add
Instantiating Multiple Browser Id Managers (Optional) Instantiating Multiple Browser Id Managers (Optional)
If you've got special needs, you may want to instantiate more If you've got special needs, you may want to instantiate more than
than one browser id manager. Having multiple browser id one browser id manager. In its default configuration, Zope will not
managers may be useful in cases where you have a "secure" allow you to create a browser id manager if one is installed in the
section of a site and an "insecure" section of a site, each root or in a place where the new browser id manager can acquire the
using a different browser id manager with respectively original browser id manager via its containment path (for
restrictive security settings. Some special considerations are programmers: the session id manager's class' Zope __replaceable__
required for this setup. property is set to UNIQUE). This means, practically, that if you
wish to have multiple browser id managers, you need to carefully
Once you've instantiated one browser id manager, you will not be delete the root browser id manager, then you need to place
able to instantiate another browser id manager in a place where additional browser id managers in the most deeply-nested containers
the new browser id manager can acquire the original browser id first, working your way out towards the root, finally replacing
manager via its containment path (for programmers: the session the root browser id manager if desired.
id manager's class' Zope __replaceable__ property is set to
UNIQUE). This means, practically, that if you wish to have
multiple browser id managers, you need to carefully think about
where they should go, and then you need to place them in the
most deeply-nested containers first, working your way out
towards the root.
See Also See Also
......
...@@ -2,32 +2,24 @@ Browser Id Manager - Change ...@@ -2,32 +2,24 @@ Browser Id Manager - Change
Form options available are: Form options available are:
title -- the browser id manager title. Title -- the browser id manager title.
session token key -- the cookie name and/or form variable name Browser id name -- the cookie name and/or form variable name
used for this browser id manager instance. This will be the used for this browser id manager instance. This will be the
name looked up in the 'cookies' or 'form' REQUEST namespaces name looked up in the 'cookies' or 'form' REQUEST namespaces
when the browser id manager attempts to find a cookie or form when the browser id manager attempts to find a cookie or form
variable with a session token in it. variable with a browser id in it.
token key search namespaces -- choose a "priority" for each Look for browser id name in -- select from one of the available
token key namespace. A priority of "1" is highest. For lookup ordering schemes involving cookies and forms
instance, setting 'cookies' to '1' and 'form vars' to '2'
means that the browser id manager checks for cookies with a Cookie path -- this is the 'path' element which should be sent
session token first, then form variables second. Choosing
"off" for either 'cookies' or 'form vars' entirely excludes
that namespace from being searched for a session token. The
namepace identifiers ('cookies' and 'form') refer to the
REQUEST namespaces searched for the token key
(ie. REQUEST.cookies, REQUEST.form).
cookie path -- this is the 'path' element which should be sent
in the session token cookie. For more information, see the in the session token cookie. For more information, see the
Netscape Cookie specification at Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html. http://home.netscape.com/newsref/std/cookie_spec.html.
cookie domain -- this is the "domain" element which should be Cookie domain -- this is the "domain" element which should be
sent in the session token cookie. For more information, see sent in the browser id cookie. For more information, see
the Netscape Cookie specification at the Netscape Cookie specification at
http://home.netscape.com/newsref/std/cookie_spec.html. http://home.netscape.com/newsref/std/cookie_spec.html.
Leaving this form element blank results in no domain element Leaving this form element blank results in no domain element
...@@ -35,12 +27,12 @@ Browser Id Manager - Change ...@@ -35,12 +27,12 @@ Browser Id Manager - Change
value you enter must have at least two dots (as per the cookie value you enter must have at least two dots (as per the cookie
spec). spec).
cookie lifetime in days -- browser id cookies sent to browsers Cookie lifetime in days -- browser id cookies sent to browsers
will last this many days on a remote system before expiring if will last this many days on a remote system before expiring if
this value is set. If this value is 0, cookies will persist this value is set. If this value is 0, cookies will persist
on client browsers for only as long as the browser is open. on client browsers for only as long as the browser is open.
only send cookie over https -- if this flag is set, only send Only send cookie over https -- if this flag is set, only send
cookies to remote browsers if they're communicating with us cookies to remote browsers if they're communicating with us
over https. The browser id cookie sent under this over https. The browser id cookie sent under this
circumstance will also have the 'secure' flag set in it, which circumstance will also have the 'secure' flag set in it, which
......
Session Data Manager - Add Session Data Manager - Add
After instantiating at least one browser id manager, it's A Zope Session Data Manager is responsible for maintaining a
possible to instantiate a session data manager. You'll need to relationship between session data objects and Zope browser ids.
do this in order to use session tracking. It is part of the Zope sessioning machinery. Programmers will
sometimes interact with a session data manager in order to obtain
information about session data.
You can place a session data manager in any Zope container,as You can place a session data manager in any Zope container,as
long as a browser id manager object can be acquired from that long as a browser id manager object can be acquired from that
container. The session data manager will use the first acquired container. The session data manager will use the first acquired
browser id manager which is active (ie. it will use any acquired object named "browser_id_manager" as a browser id manager.
browser id manager that has not been been "turned off" via its
Zope management interface).
Choose "Session Data Manager" within the container you wish to Choose "Session Data Manager" within the container you wish to
house the session data manager from the "Add" dropdown box in house the session data manager from the "Add" dropdown box in
...@@ -27,7 +27,7 @@ Session Data Manager - Add ...@@ -27,7 +27,7 @@ Session Data Manager - Add
/temp_folder/transient_container in a default Zope installation. /temp_folder/transient_container in a default Zope installation.
place SESSION in REQUEST as -- place SESSION in REQUEST as --
If set, the REQUEST variable will be updated with the session If set, the REQUEST variable will be populated with the session
object, stored as the given name (default is 'SESSION') object, stored as the given name (default is 'SESSION')
After reviewing and changing these options, click the "Add" After reviewing and changing these options, click the "Add"
......
...@@ -10,7 +10,7 @@ Session Data Manager - Change ...@@ -10,7 +10,7 @@ Session Data Manager - Change
/temp_folder/transient_container in a default Zope installation. /temp_folder/transient_container in a default Zope installation.
place SESSION in REQUEST as -- place SESSION in REQUEST as --
If set, the REQUEST variable will be updated with the session If set, the REQUEST variable will be populated with the session
object, stored as the given name (default is 'SESSION') object, stored as the given name (default is 'SESSION')
After reviewing and changing these options, click the "Change" After reviewing and changing these options, click the "Change"
......
Session API Programming Session API Programming
Overview Overview
Developers generally *not* interact directly with a Session Data Sessions allow you to maintain state associated with anonymous
Manager instance in order to make use of sessioning in Zope. users between requests. A session is a temporary "scratch" area
in which you can store information related to a site visitor.
A "session" ends when a visitor who begins a session neglects to
revisit your site in some number of minutes.
Usage
All of the methods implemented by Session Data Managers, and Developers will usually interact with the SESSION object stored
Browser Id Managers are fully documented in the in REQUEST in order to perform session-related tasks.
Session API in the "See Also" section below.
More infrequently, developers will interact directly with
Browser Id Manager and Session Data Manager objects.
Common Programming Common Programming
Generally, instead of directly interacting with the session data In order to manipulate session data, you interact with the
manager, you use it's built in traversal feature to put a SESSION REQUEST.SESSION object.
object in the REQUEST. This is simple, and fairly intuitive.
For example, in DTML you might:: For example, in DTML you might::
<dtml-with SESSION mapping> <dtml-with SESSION mapping>
...@@ -26,12 +32,12 @@ Session API Programming ...@@ -26,12 +32,12 @@ Session API Programming
<dtml-var SESSION> <dtml-var SESSION>
This would print the cart object in the session, or the entire SESSION This would print the cart object in the session, or the entire SESSION
object. You could set an object. You could set an object in the session similarly to how you
object in the session similarly to how you set it in the REQUEST:: set it in the REQUEST::
<dtml-call expr="SESSION.set('cart','this is really more of a wagon')"> <dtml-call expr="SESSION.set('cart','this is really more of a wagon')">
You adjust the name of the SESSION object in the management screens You may change the name of the SESSION object in the management screens
for the session data object. You can do more complex operations on for the session data object. You can do more complex operations on
SESSION data with python scripts, e.g.:: SESSION data with python scripts, e.g.::
...@@ -42,18 +48,11 @@ Session API Programming ...@@ -42,18 +48,11 @@ Session API Programming
session['cart'] = cart # force a save back to the session session['cart'] = cart # force a save back to the session
In general, it is better to put manipulation of data in the session in
a python script than it is to do it via DTML or a page template; while
the latter is possible, it would be far better to simply place a session
management call at the top of any page which requires manipulation of
session data.
Tips Tips
Keep in mind that SESSION objects (Which are really Transient Objects) Keep in mind that SESSION objects are a lot like dictionaries; if
are basically dictionaries; if you wish to iterate through them in the you wish to iterate through them in the context of a dtml-in expression,
context of a DTML-IN expression, you should use something like:: you should use something like::
<dtml-in expr="SESSION.items()"> <dtml-in expr="SESSION.items()">
<dtml-var sequence-key>: <dtml-var sequence-item> <dtml-var sequence-key>: <dtml-var sequence-item>
......
...@@ -85,9 +85,9 @@ ...@@ -85,9 +85,9 @@
""" """
Test suite for session id manager. Test suite for session id manager.
$Id: testBrowserIdManager.py,v 1.2 2001/11/14 13:50:10 matt Exp $ $Id: testBrowserIdManager.py,v 1.3 2001/11/17 16:07:41 chrism Exp $
""" """
__version__ = "$Revision: 1.2 $"[11:-2] __version__ = "$Revision: 1.3 $"[11:-2]
import sys import sys
if __name__ == "__main__": if __name__ == "__main__":
...@@ -113,19 +113,19 @@ class TestBrowserIdManager(TestCase): ...@@ -113,19 +113,19 @@ class TestBrowserIdManager(TestCase):
def tearDown(self): def tearDown(self):
del self.m del self.m
def testSetTokenKey(self): def testSetBrowserIdName(self):
self.m.setTokenKey('foo') self.m.setBrowserIdName('foo')
assert self.m.getTokenKey()== 'foo' assert self.m.getBrowserIdName()== 'foo'
def testSetBadKeyString(self): def testSetBadBrowserIdName(self):
try: try:
self.m.setTokenKey('') self.m.setBrowserIdName('')
except BrowserIdManagerErr: except BrowserIdManagerErr:
pass pass
else: else:
assert 1 == 2 assert 1 == 2
try: try:
self.m.setTokenKey(1) self.m.setBrowserIdName(1)
except BrowserIdManagerErr: except BrowserIdManagerErr:
pass pass
else: else:
...@@ -134,7 +134,7 @@ class TestBrowserIdManager(TestCase): ...@@ -134,7 +134,7 @@ class TestBrowserIdManager(TestCase):
def testSetBadNamespaces(self): def testSetBadNamespaces(self):
d = {1:'gummy', 2:'froopy'} d = {1:'gummy', 2:'froopy'}
try: try:
self.m.setTokenKeyNamespaces(d) self.m.setBrowserIdNamespaces(d)
except BrowserIdManagerErr: except BrowserIdManagerErr:
pass pass
else: else:
...@@ -142,8 +142,22 @@ class TestBrowserIdManager(TestCase): ...@@ -142,8 +142,22 @@ class TestBrowserIdManager(TestCase):
def testSetGoodNamespaces(self): def testSetGoodNamespaces(self):
d = {1:'cookies', 2:'form'} d = {1:'cookies', 2:'form'}
self.m.setTokenKeyNamespaces(d) self.m.setBrowserIdNamespaces(d)
assert self.m.getTokenKeyNamespaces() == d assert self.m.getBrowserIdNamespaces() == d
def testSetNamespacesByLocation(self):
self.m.setBrowserIdLocation('cookiesonly')
assert self.m.getBrowserIdNamespaces() == {1:'cookies'}
assert self.m.getBrowserIdLocation() == 'cookiesonly'
self.m.setBrowserIdLocation('cookiesthenform')
assert self.m.getBrowserIdNamespaces() == {1:'cookies', 2:'form'}
assert self.m.getBrowserIdLocation() == 'cookiesthenform'
self.m.setBrowserIdLocation('formonly')
assert self.m.getBrowserIdNamespaces() == {1:'form'}
assert self.m.getBrowserIdLocation() == 'formonly'
self.m.setBrowserIdLocation('formthencookies')
assert self.m.getBrowserIdNamespaces() == {1:'form', 2:'cookies'}
assert self.m.getBrowserIdLocation() == 'formthencookies'
def testSetBadCookiePath(self): def testSetBadCookiePath(self):
path = '/;' path = '/;'
...@@ -224,131 +238,99 @@ class TestBrowserIdManager(TestCase): ...@@ -224,131 +238,99 @@ class TestBrowserIdManager(TestCase):
self.m.setCookieSecure(1) self.m.setCookieSecure(1)
assert self.m.getCookieSecure() == 1 assert self.m.getCookieSecure() == 1
def testDelegateToParent(self): def testGetBrowserIdCookie(self):
self.m.turnOff() token = self.m.getBrowserId()
try: self.m.REQUEST.browser_id_ = token
a = self.m.hasToken() self.m.REQUEST.browser_id_ns_ = 'cookies'
except BrowserIdManagerErr: tokenkey = self.m.getBrowserIdName()
pass
else:
assert 1==2
def testGetTokenCookie(self):
token = self.m.getToken()
self.m.REQUEST.browser_token_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies'
tokenkey = self.m.getTokenKey()
self.m.REQUEST.cookies[tokenkey] = token self.m.REQUEST.cookies[tokenkey] = token
a = self.m.getToken() a = self.m.getBrowserId()
assert a == token, repr(a) assert a == token, repr(a)
assert self.m.isTokenFromCookie() assert self.m.isBrowserIdFromCookie()
def testSetSessionTokenDontCreate(self): def testSetBrowserIdDontCreate(self):
a = self.m.getToken(0) a = self.m.getBrowserId(0)
assert a == None assert a == None
def testSetSessionTokenCreate(self): def testSetBrowserIdCreate(self):
a = self.m.getToken(1) a = self.m.getBrowserId(1)
tokenkey = self.m.getTokenKey() tokenkey = self.m.getBrowserIdName()
b = self.m.REQUEST.RESPONSE.cookies[tokenkey] b = self.m.REQUEST.RESPONSE.cookies[tokenkey]
assert a == b['value'], (a, b) assert a == b['value'], (a, b)
def testHasToken(self): def testHasToken(self):
assert not self.m.hasToken() assert not self.m.hasBrowserId()
a = self.m.getToken() a = self.m.getBrowserId()
assert self.m.hasToken() assert self.m.hasBrowserId()
def testTokenIsNew(self): def testTokenIsNew(self):
a = self.m.getToken() a = self.m.getBrowserId()
assert self.m.isTokenNew() assert self.m.isBrowserIdNew()
def testIsTokenFromCookieFirst(self): def testIsBrowserIdFromCookieFirst(self):
token = self.m.getToken() token = self.m.getBrowserId()
self.m.REQUEST.browser_token_ = token self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies' self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getTokenKey() tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.cookies[tokenkey] = token self.m.REQUEST.cookies[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'cookies', 2:'form'}) self.m.setBrowserIdNamespaces({1:'cookies', 2:'form'})
a = self.m.getToken() a = self.m.getBrowserId()
assert self.m.isTokenFromCookie() assert self.m.isBrowserIdFromCookie()
def testIsTokenFromFormFirst(self): def testIsBrowserIdFromFormFirst(self):
token = self.m.getToken() token = self.m.getBrowserId()
self.m.REQUEST.browser_token_ = token self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_token_ns_ = 'form' self.m.REQUEST.browser_id_ns_ = 'form'
tokenkey = self.m.getTokenKey() tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.form[tokenkey] = token self.m.REQUEST.form[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'form', 2:'cookies'}) self.m.setBrowserIdNamespaces({1:'form', 2:'cookies'})
a = self.m.getToken() a = self.m.getBrowserId()
assert self.m.isTokenFromForm() assert self.m.isBrowserIdFromForm()
def testIsTokenFromCookieOnly(self): def testIsTokenFromCookieOnly(self):
token = self.m.getToken() token = self.m.getBrowserId()
self.m.REQUEST.browser_token_ = token self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies' self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getTokenKey() tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.cookies[tokenkey] = token self.m.REQUEST.form[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'cookies'}) self.m.setBrowserIdNamespaces({1:'cookies'})
a = self.m.getToken() a = self.m.getBrowserId()
assert self.m.isTokenFromCookie() assert self.m.isBrowserIdFromCookie()
assert not self.m.isTokenFromForm() assert not self.m.isBrowserIdFromForm()
def testIsTokenFromFormOnly(self): def testIsTokenFromFormOnly(self):
token = self.m.getToken() token = self.m.getBrowserId()
self.m.REQUEST.browser_token_ = token self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_token_ns_ = 'form' self.m.REQUEST.browser_id_ns_ = 'form'
tokenkey = self.m.getTokenKey() tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.form[tokenkey] = token self.m.REQUEST.form[tokenkey] = token
self.m.setTokenKeyNamespaces({1:'form'}) self.m.setBrowserIdNamespaces({1:'form'})
a = self.m.getToken() a = self.m.getBrowserId()
assert self.m.isTokenFromForm() assert not self.m.isBrowserIdFromCookie()
assert not self.m.isTokenFromCookie() assert self.m.isBrowserIdFromForm()
def testFlushTokenCookie(self): def testFlushTokenCookie(self):
token = self.m.getToken() token = self.m.getBrowserId()
self.m.REQUEST.browser_token_ = token self.m.REQUEST.browser_id_ = token
self.m.REQUEST.browser_token_ns_ = 'cookies' self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getTokenKey() tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.cookies[tokenkey] = token self.m.REQUEST.cookies[tokenkey] = token
a = self.m.getToken() a = self.m.getBrowserId()
assert a == token, repr(a) assert a == token, repr(a)
assert self.m.isTokenFromCookie() assert self.m.isBrowserIdFromCookie()
self.m.flushTokenCookie() self.m.flushBrowserIdCookie()
c = self.m.REQUEST.RESPONSE.cookies[tokenkey] c = self.m.REQUEST.RESPONSE.cookies[tokenkey]
assert c['value'] == 'deleted', c assert c['value'] == 'deleted', c
def testDelegateToParentFail(self):
self.m.turnOff()
try:
self.m.getToken()
except BrowserIdManagerErr:
pass
else:
assert 1==2
def testDelegateToParentSucceed(self):
self.m.turnOff()
class foo:
pass
class bar:
def getToken(unself, create=1):
return 'worked'
fooi = foo()
bari = bar()
setattr(fooi, self.m.id, bari)
self.m.aq_parent = fooi
assert self.m.getToken() == 'worked'
def testEncodeUrl(self): def testEncodeUrl(self):
keystring = self.m.getTokenKey() keystring = self.m.getBrowserIdName()
key = self.m.getToken() key = self.m.getBrowserId()
u = '/home/chrism/foo' u = '/home/chrism/foo'
r = self.m.encodeUrl(u) r = self.m.encodeUrl(u)
assert r == '%s?%s=%s' % (u, keystring, key) assert r == '%s?%s=%s' % (u, keystring, key)
u = 'http://www.zope.org/Members/mcdonc?foo=bar&spam=eggs' u = 'http://www.zope.org/Members/mcdonc?foo=bar&spam=eggs'
r = self.m.encodeUrl(u) r = self.m.encodeUrl(u)
assert r == '%s&%s=%s' % (u, keystring, key) assert r == '%s&%s=%s' % (u, keystring, key)
def test_suite(): def test_suite():
testsuite = makeSuite(TestBrowserIdManager, 'test') testsuite = makeSuite(TestBrowserIdManager, 'test')
......
...@@ -202,15 +202,15 @@ class TestSessionManager(TestBase): ...@@ -202,15 +202,15 @@ class TestSessionManager(TestBase):
sd.invalidate() sd.invalidate()
assert hasattr(sd, '_invalid') assert hasattr(sd, '_invalid')
def testSessionTokenIsSet(self): def testBrowserIdIsSet(self):
sd = self.app.session_data_manager.getSessionData() sd = self.app.session_data_manager.getSessionData()
mgr = getattr(self.app, idmgr_name) mgr = getattr(self.app, idmgr_name)
assert mgr.hasToken() assert mgr.hasBrowserId()
def testGetSessionDataByKey(self): def testGetSessionDataByKey(self):
sd = self.app.session_data_manager.getSessionData() sd = self.app.session_data_manager.getSessionData()
mgr = getattr(self.app, idmgr_name) mgr = getattr(self.app, idmgr_name)
token = mgr.getToken() token = mgr.getBrowserId()
bykeysd = self.app.session_data_manager.getSessionDataByKey(token) bykeysd = self.app.session_data_manager.getSessionDataByKey(token)
assert sd == bykeysd, (sd, bykeysd, token) assert sd == bykeysd, (sd, bykeysd, token)
...@@ -324,8 +324,8 @@ class BaseReaderWriter(threading.Thread): ...@@ -324,8 +324,8 @@ class BaseReaderWriter(threading.Thread):
self.conn = db.open() self.conn = db.open()
self.app = self.conn.root()['Application'] self.app = self.conn.root()['Application']
self.app = makerequest.makerequest(self.app) self.app = makerequest.makerequest(self.app)
token = self.app.browser_id_manager._getNewToken() token = self.app.browser_id_manager._getNewBrowserId()
self.app.REQUEST.session_token_ = token self.app.REQUEST.browser_id_ = token
self.iters = iters self.iters = iters
self.sdm_name = sdm_name self.sdm_name = sdm_name
self.out = [] self.out = []
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment