[Framework-Team] PLIP 48 review notes
Wichert Akkerman
wichert at wiggy.net
Tue Sep 12 20:16:51 UTC 2006
Changes from stock Plone
========================
This bundle features two modifications from standard Plone:
* adds the new SessionCrumbler product from collective
* Uses a modified PlonePAS
PlonePAS modifications
----------------------
The PlonePAS modifications are restricted to deactivating the
standard cookie authentication handler and installing the new
credentials_session_auth plugin.
SessionCrumbler product
-----------------------
One obvious remark is that this product does not comply with the current
preferred layout: no seperate module for interfaces, and no plugins
subdirectory - instead everything is put in a the top directory.
There is a lot of code to support non-PAS sites. Creating a new branch
to remove all the legacy code, cleaning up the product structure and
making a PAS-only release
The PAS code itself is not complex and implements all require PAS interfaces
correctly.
Issues
======
The session cookie is stored in the _ZopeId cookie. This is not compatible
with CacheFu, which checks only check for __ac cookies and the Authorization
header. Since sessions are always a per-user thing this should be fixed in
CacheFu (specifically its squid configuration).
Using sessions means that ZEO clusters will not work out of the box: the
session storage is not shared between ZEO clients. This needs to be explicitly
documented in release notes.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Framework-Team
mailing list