[Cubicweb] Pyramid & Cubicweb sessions/authentication integration

Aurélien Campéas aurelien.campeas at logilab.fr
Mon Jul 7 12:12:01 CEST 2014

On 07/07/2014 12:06, Christophe de Vienne wrote:
> Le 07/07/2014 11:51, Aurélien Campéas a écrit :
>> On 07/07/2014 11:43, Christophe de Vienne wrote:
>>> Le 07/07/2014 11:13, Aurélien Campéas a écrit :
>>>> On 07/07/2014 11:02, Christophe de Vienne wrote:
>>>>> You are right, it is not cw sessions that are persistents, but the web
>>>>> sessions and identity of the user.
>>>>> A cw session is regenerated when needed.
>>>>> That said, I came to wonder what is the actual scope of a cubicweb session.
>>>>> For what I understand, it holds the identity of a user, and can provide
>>>>> connections to the repo.
>>>> As of the top end of the persistent sessions stack, it is that,
>>>> plus `.data`.
>>>>> If it is only that, then we could, if not get rid of them, at least
>>>>> consider them only as an identity cache that is renewable on-demand and
>>>>> does not need to be bound to the web-session.
>>>>> But I sense it is a little more because of the session-data. The thing I
>>>>> don't know is how these session-data are used and how much do they
>>>>> really need to be strongly bounded to the web-session.
>>>> They are not massively used but are clearly needed.
>>> The need for cw persistent sessions looks needed, but for now I fail to
>>> see real-life example where a strong bind to the web-session is required.
>> What do you mean by strong bind ?
> I mean the obligation that a repo session lives from the web user login
> to its logout.

If by "living" you mean the python object is kept in memory, then not.
If not, then, what ?

>> If the cubes expect session.data to be there, it's strong... not ?
> Do they expect the .data to live all along the web-session ?

Yes. Note that there is no really a web-session as opposed to a

> And if they do, isn't it because they rely on the repo session to hold
> data that should belong to the web session ?

We should clarify this web-session vs repo-session thing.
There is exactly ONE session concept right now in Cubicweb.

>> Anyway, the session is accessible through cnx.session so what's
>> the problem ?
> I have no problem, I am just trying to have a clear vision of the
> required scope of the repo session, and if we can un-correlate it from
> the websession.

Sessions are not "web" or "repo", they just are (imho).


More information about the Cubicweb mailing list