[Framework-Team] PLIP 48 review notes

Wichert Akkerman wichert at wiggy.net
Tue Sep 12 20:16:51 UTC 2006


Changes from stock Plone
========================
This bundle features two modifications from standard Plone:

 * adds the new SessionCrumbler product from collective
 * Uses a modified PlonePAS


PlonePAS modifications
----------------------

The PlonePAS modifications are restricted to deactivating the
standard cookie authentication handler and installing the new
credentials_session_auth plugin.

SessionCrumbler product
-----------------------

One obvious remark is that this product does not comply with the current
preferred layout: no seperate module for interfaces, and no plugins
subdirectory - instead everything is put in a the top directory.

There is a lot of code to support non-PAS sites. Creating a new branch
to remove all the legacy code, cleaning up the product structure and
making a PAS-only release 

The PAS code itself is not complex and implements all require PAS interfaces
correctly.


Issues
======

The session cookie is stored in the _ZopeId cookie. This is not compatible
with CacheFu, which checks only check for __ac cookies and the Authorization
header. Since sessions are always a per-user thing this should be fixed in
CacheFu (specifically its squid configuration).

Using sessions means that ZEO clusters will not work out of the box: the
session storage is not shared between ZEO clients. This needs to be explicitly
documented in release notes.


-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.




More information about the Framework-Team mailing list