You are not logged in Log in Join
You are here: Home » Members » czimmet » CookieLess Session Management

Log in



CookieLess Session Management

Future versions of CookieLess can be found by clicking here


The CookieLess product provides in memory session management via URL rewriting. To enable session tracking, you simply create a folder and put your objects under the folder. When accessing your objects for the first time a session will be created and your url will be rewritten.

For example, if you create a CookieLessSessionManager folder called cookieless, then :


would be automatically redirected and remapped to :


to store objects via dtml :

        <dtml-call "Session.set('myVariable','somevalue')>

to access myVariable in a later page :

        <dtml-var myVariable>

to ensure that the variable is taken exclusively from the Session object :

        <dtml-with Session only>
                <dtml-var myVariable>

Notes - If any of your objects directly under the folder begin with manage they will not be subject to Session management.

Usage -

Session methods :

                setTimeOut(self,minutes) - set the timeout time. 
                creationTime(self) - returns a DateTime object set to the creation time
                set(self,key,value) - stores a value in the session
                clear(self) - clears all session variables
                keys(self) - returns a list of session variable keys
                get(self,key) - returns the value associated with a particular key
                items(self) - a copy of the list of (key,value) pairs
                has_key(self, key) - returns 1 if session has a key, else 0

Session variables :

                accessedTime - the last time a session was accessed
                timeout - the time in minutes 
                Session - exposes the SessionInstance more easily to dtml
                SESSIONROOT - The absolute url concatenated with the session id

Session Folder Properties :

        expiryURL - optional URL to which Session timeouts will be redirected.
        BypassSessionMgr - When selected turns off CookieLess Session Management. (Use with caution.  Should not be used on a live site)
        timeout - the time in minutes before a session expires.

Known Bugs -

  • Session Timeout thread issues a message :
            currentThread(): no current thread for #### on thread startup.
  • Odd exception with threading in _checkExpired made me put a :
            except: pass
            However, no visible impact occured in the functionality of the product.
  • onSessionStartup is called before an AUTHENTICATED_USER is obtained

Changes -

  • 0.0.6b (2001/04/19)
    • Added setWORM to make a Session property read only
    • Changed name of __call__ to _newSession due to inner workings of Zope calling this method unexpectedly.
    • Added Thilo Ernst's change for an optional expiryURL property that is used on to redirect on session expiration
    • Added Thilo Ernst's change for a SESSIONROOT property
    • Added Thilo Ernst's fix for a missing tail in the URL: # REQUEST as seen in __bobo_traverse__ # is not the original HTTP request; the URLs are stripped at # the element currently traversed # fortunately the original URL can be reconstructed using # REQUEST['TraversalRequestNameStack'] which contains a (reverse) # list of the missing elements
  • 0.0.5b (2000/11/06)
    • Fixed problem in which CookieLessSessionManager would only work when installed directly under the root.
  • 0.0.4b (2000/10/11)
    • Fixed Permission problem with SessionInstance
    • SessionInstance no longer inherits from SimpleItem.
  • 0.0.3b (2000/10/10)
    • Minor bug fix for not putting manage screens under Session control
    • Changed License to Open Source
  • 0.0.2b (2000/10/05)
    • Added default timeout property to the folder
    • Exposed the timeout variable through Session.setTimeOut(minutes)
    • Added creationTime method to get the session's creation time
    • added more documentation in README.txt
    • changed session identifier from $ to S__. Python/Zope internally converts the $ to %24 causing problems with other products.
Latest Release: 0.0.6b
Last Updated: 2001-04-19 11:13:26
Author: ZopeOrgSite
Categories: User Management
Maturity: Development

Available Releases

Version Maturity Platform Released
0.0.6b Development   2001-04-19 11:13:26
  CookieLess006b.tgz (7 K) All md5
0.0.5b Development   2000-11-06 09:01:59
  CookieLess005b.tgz (6 K) All md5
0.0.4b Development   2000-10-12 08:56:17
  CookieLess004b.tgz (6 K) All md5
0.0.3b Development   2000-10-10 10:52:58
  CookieLess003b.tgz (6 K) All md5