Skip to main content

Client identification and sessions for Zope

Project description


Latest release Supported Python versions Documentation Status

This package provides interfaces for client identification and session support and their implementations for the request objects of zope.publisher.

Documentation is hosted at


5.1 (2023-08-28)

  • Declare zope.traversing as install dependency.

5.0 (2023-03-02)

  • Drop support for Python 2.7, 3.5, 3.6.

  • Add support for Python 3.11.

4.5 (2022-08-30)

  • Add support for Python 3.5, 3.9, 3.10.

4.4.0 (2020-10-16)

  • Fix inconsistent resolution order with zope.interface v5.

  • Add support for Python 3.8.

  • Drop support for Python 3.4 and 3.5.

4.3.0 (2018-10-19)

4.2.0 (2017-09-22)

  • Add support for Python 3.5 and 3.6.

  • Drop support for Python 2.6 and 3.3

  • Reach 100% code coverage and maintain it via tox.ini and Travis CI.

4.1.0 (2015-06-02)

  • Add support for PyPy and PyPy3.

4.0.0 (2014-12-24)

  • Add support for Python 3.4.

  • Add support for testing on Travis.

4.0.0a2 (2013-08-27)

  • Fix test that fails on any timezone east of GMT

4.0.0a1 (2013-02-21)

  • Add support for Python 3.3

  • Replace deprecated zope.component.adapts usage with equivalent zope.component.adapter decorator.

  • Replace deprecated zope.interface.implements usage with equivalent zope.interface.implementer decorator.

  • Drop support for Python 2.4 and 2.5.

3.9.5 (2011-08-11)

  • LP #824355: enable support for HttpOnly cookies.

  • Fix a bug in zope.session.session.Session that would trigger an infinite loop if either iteration or a containment test were attempted on an instance.

3.9.4 (2011-03-07)

  • Add an explicit provides to the IClientId adapter declaration in adapter.zcml.

  • Add option to disable implicit sweeps in PersistentSessionDataContainer.

3.9.3 (2010-09-25)

  • Add test extra to declare test dependency on zope.testing.

  • Use Python’s doctest module instead of depreacted zope.testing.doctest.

3.9.2 (2009-11-23)

  • Fix Python 2.4 hmac compatibility issue by only using hashlib in Python versions 2.5 and above.

  • Use the CookieClientIdManager’s secret as the hmac key instead of the message when constructing and verifying client ids.

  • Make it possible to construct CookieClientIdManager passing cookie namespace and/or secret as constructor’s arguments.

  • Use zope.schema.fieldproperty.FieldProperty for “namespace” attribute of CookieClientIdManager, just like for other attributes in its interface. Also, make ICookieClientIdManager’s “namespace” field an ASCIILine, so it accepts only non-unicode strings for cookie names.

3.9.1 (2009-04-20)

  • Restore compatibility with Python 2.4.

3.9.0 (2009-03-19)

  • Don’t raise deprecation warnings on Python 2.6.

  • Drop dependency on zope.annotation. Instead, we make classes implement IAttributeAnnotatable in ZCML configuration, only if zope.annotation is available. If your code relies on annotatable CookieClientIdManager and PersistentSessionDataContainer and you don’t include the zcml classes configuration of this package, you’ll need to use classImplements function from zope.interface to make those classes implement IAttributeAnnotatable again.

  • Drop dependency on, use standard date formatting function from the email.utils module.

  • Zope 3 application bootstrapping code for session utilities was moved into package, thus drop dependency on in this package.

  • Drop testing dependencies, as we don’t need anything behind zope.testing and previous dependencies was simply migrated from before.

  • Remove zpkg files and zcml slugs.

  • Update package’s description a bit.

3.8.1 (2009-02-23)

  • Add an ability to set cookie effective domain for CookieClientIdManager. This is useful for simple cases when you have your application set up on one domain and you want your identification cookie be active for subdomains.

  • Python 2.6 compatibility change. Encode strings before calling as the function no longer accepts the unicode() type.

3.8.0 (2008-12-31)

  • Add missing test dependency on and

3.7.1 (2008-12-30)

  • Specify i18n_domain for titles in apidoc.zcml

  • ZODB 3.9 no longer contains ZODB.utils.ConflictResolvingMappingStorage, fixed tests, so they work both with ZODB 3.8 and 3.9.

3.7.0 (2008-10-03)

New features:

  • Added a ‘postOnly’ option on CookieClientIdManagers to only allow setting the client id cookie on POST requests. This is to further reduce risk from broken caches handing the same client id out to multiple users. (Of course, it doesn’t help if caches are broken enough to cache POSTs.)

3.6.0 (2008-08-12)

New features:

  • Added a ‘secure’ option on CookieClientIdManagers to cause the secure set-cookie option to be used, which tells the browser not to send the cookie over http.

    This provides enhanced security for ssl-only applications.

  • Only set the client-id cookie if it isn’t already set and try to prevent the header from being cached. This is to minimize risk from broken caches handing the same client id out to multiple users.

3.5.2 (2008-06-12)

  • Remove ConflictErrors caused on SessionData caused by setting lastAccessTime.

3.5.1 (2008-04-30)

  • Split up the ZCML to make it possible to re-use more reasonably.

3.5.0 (2008-03-11)

  • Change the default session “resolution” to a sane value and document/test it.

3.4.1 (2007-09-25)

  • Fixed some meta data and switch to tgz release.

3.4.0 (2007-09-25)

  • Initial release

  • Moved parts from to this packages

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

zope.session-5.1.tar.gz (33.1 kB view hashes)

Uploaded source

Built Distribution

zope.session-5.1-py3-none-any.whl (24.8 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page