- Session(req[, sid, secret, timeout, lock, lockfile])
This function queries the MPM and based on that returns either a new
instance of DbmSession or MemorySession. It takes
same arguments as BaseSession.
MemorySession will be used if the MPM is threaded and not
forked (such is the case on Windows), or if it threaded, forked, but
only one process is allowed (the worker MPM can be configured to run
this way). In all other cases DbmSession is used.
- class BaseSession(req[, sid, secret, timeout, lock, lockfile])
This class is meant to be used as a base class for other classes
that implement a session storage mechanism. req is a required
reference to a mod_python request object.
BaseSession is a subclass of dict. Data can be
stored and retrieved from the session by using it as a
sid is an optional session id; if provided, such a session
must already exist, otherwise it is ignored and a new session with a
new sid is created. If sid is not provided, the object will
attempt to look at cookies for session id. If a sid is found in
cookies, but it is not previously known or the session has expired,
then a new sid is created. Whether a session is ``new'' can be
determined by calling the is_new() method.
Cookies generated by sessions will have a path attribute which is
calculated by comparing the server
DocumentRoot and the
directory in which the
PythonHandler directive currently in
effect was specified. E.g. if document root is /a/b/c and
PythonHandler was specified in /a/b/c/d/e, the path
will be set to /d/e. You can force a specific path by using
ApplicationPath option ("PythonOption ApplicationPath
/my/path" in server configuration).
When a secret is provided, BaseSession will use
SignedCookie when generating cookies thereby making the
session id almost impossible to fake. The default is to use plain
Cookie (though even if not signed, the session id is
generated to be very difficult to guess).
A session will timeout if it has not been accessed for more than
timeout, which defaults to 30 minutes. An attempt to load an
expired session will result in a ``new'' session.
The lock argument (defaults to 1) indicates whether locking
should be used. When locking is on, only one session object with a
particular session id can be instantiated at a time. lockfile
is the name of a file to be used for inter-process locks.
A session is in ``new'' state when the session id was just
generated, as opposed to being passed in via cookies or the
Returns 1 if this session is new. A session will also be ``new''
after an attempt to instantiate an expired or non-existent
session. It is important to use this method to test whether an
attempt to instantiate a session has succeeded, e.g.:
sess = Session(req)
# redirect to login
Returns the session id.
Returns the session creation time in seconds since beginning of
Returns last access time in seconds since beginning of epoch.
Returns session timeout interval in seconds.
Set timeout to secs.
This method will remove the session from the persistent store and
also place a header in outgoing headers to invalidate the session
Load the session values from storage.
This method writes session values to storage.
Remove the session from storage.
This method initializes the session lock. There is no need to ever
call this method, it is intended for subclasses that wish to use
an alternative locking mechanism.
Locks this session. If the session is already locked by another
thread/process, wait until that lock is released. There is no need
to call this method if locking is handled automatically (default).
Unlocks this session. (Same as lock() - when locking is
handled automatically (default), there is no need to call this
This method is for subclasses to implement session storage
cleaning mechanism (i.e. deleting expired sessions, etc.). It will
be called at random, the chance of it being called is controlled
by CLEANUP_CHANCE Session module variable
(default 1000). This means that cleanups will be ordered at random
and there is 1 in 1000 chance of it happening. Subclasses
implementing this method should not perform the (potentially time
consuming) cleanup operation in this method, but should instead
use req.register_cleanup to register a cleanup which will
be executed after the request has been processed.
- class MemorySession(req, [, sid, secret, dbmtype, timeout])
This class provides session storage using a global dictionary. This
class provides by far the best performance, but cannot be used in a
multi-process configuration, and also consumes memory for every
- class DbmSession(req, [, dbm, sid, secret, dbmtype, timeout])
This class provides session storage using a dbm file. Generally, dbm
access is very fast, and most dbm implementations memory-map files
for faster access, which makes their performance nearly as fast as
direct shared memory access.
dbm is the name of the dbm file (the file must be writable by
the httpd process). This file is not deleted when the server process
is stopped (a nice side benefit of this is that sessions can survive
server restarts). By default the session information is stored in a
dbmfile named mp_sess.dbm and stored in a temporary directory
tempfile.gettempdir() standard library
function. It can be overridden by setting
The implementation uses Python anydbm module, which will
default to dbhash on most systems. If you need to use a
specific dbm implementation (e.g. gdbm), you can pass that
module as dbmtype.
What is this????|