Hi all --

I've just thrown together a snapshot release of Quixote for anyone
curious to play with the ongoing changes to the session management
interface:

  http://www.mems-exchange.org/software/files/quixote/Quixote-20020520.tar.gz

You can consider this an alpha release of Quixote 0.5; there are more
changes to come.

Here's the changelog so far:

0.5 (?? May 2002):

  * To fix installation problems on Win98 and MacOS (pre OS X),
    setup.py now uses os.curdir instead of ''.

  * Documented and overhauled the session management API.  If you
    were previously using session management, you will almost certainly
    need to change your code; see doc/session-mgmt.txt.  If you would
    like to use session management in your application but were put
    off by the lack of documentation, see doc/session-mgmt.txt.

    Specific changes:
      * removed the global singleton SessionManager object in session.py
        and several related functions
      * removed everything having to do with "application state", an
        unnecessary abstraction caused by premature over-generalization
      * removed the 'actual_user' attribute from Session -- it is
        specific to the MEMS Exchange and just confuses matters
        in Quixote
      * made most instance attributes of Session private
      * defined a sensible persistence API that should work with
        a wide variety of session persistence schemes; the
        abort() and commit() methods of SessionManager are gone,
        and Session's is_empty() has been replaced by is_dirty()

  * Add CHECK_SESSION_ADDR config variable to control whether we
    check that requests in a session all come from the same IP address,
    as a defence against playback attacks.  (Thanks to Jonathan Corbet.)


--
Greg Ward - software developer                gward@mems-exchange.org
MEMS Exchange                            http://www.mems-exchange.org