There's a discussion going on on the CherryPy list about putting session IDs in the URL and having the session filter automatically pull the ID out. I think this has come up here as well.
As Remi points out in this thread (http://tinyurl.com/aez56), CherryPy doesn't have any way to help you get your session ID in the URL. However, TurboGears *does* have a URL generation function. Its use is optional, but strongly recommended... it would be easy for that function to include a session ID, if needed... I just thought I'd bring this up for anyone else out there looking for sessions that don't require cookies. Kevin ---------- Forwarded message ---------- From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Nov 30, 2005 8:28 PM Subject: [cherrypy-devel] Re: Sessions and cookies To: cherrypy-devel <[EMAIL PROTECTED]> Interesting. After thinking about it some more, there are some tremendous technological issues with rewriting URLs. The problem, as your comments suggest, is that a parser and javascript wrapper library are necessary. Funny enough, I built an entire web proxy that had a complete HTML parser and javascript wrapper library that rewrote URLs for a client years ago - it was a monumental task and would add way too much bloat to cherrypy. That said, I think this suggests are more generalized solution: the creation of a simple interface for sessionID extraction/insertion which allows users to plug in their particular implementation. So, for example, each of sessionfilter's methods could reference whatever class the user defined in the config (much as one can currently define classes to run when sessions are created or destroyed). For each method in sessionfilter, a corresponding predetermined named method could be available in the user defined class. I think this essentially a strategy design pattern. I think the primary point I'm trying to make is that coupling sessions with cookies is unnecessary. Providing a mechanism for developers to implement their own sessionID extraction/insertion techniques gives them a real sense of freedom: as web applications (using xml-rpc,soap, etc), not just websites, become increasingly common, this will prove particularly important. As an aside, how exactly does one offer actual code for possible integration? Should I just code up a prototype and post it somewhere? If so, where? -- Kevin Dangoor Author of the Zesty News RSS newsreader email: [EMAIL PROTECTED] company: http://www.BlazingThings.com blog: http://www.BlueSkyOnMars.com
