[mod_python] cookies, sessions, persistent dbs?

Erik Stephens mod_python at 24ksoftware.com
Sat Mar 27 21:20:22 EST 2004


On Sat, 27 Mar 2004, John Mudd wrote:

> So, session objects are only needed when there's too much data to
> put it all in cookies?

At least one major difference between storing your data in cookies
vs. a server-side session structure: cookie data must cross the
network.  So, that will affect performance and security.  You should
be able to treat server-side data as safe/untainted.  As far as
security is concerned, cookie data should be treated similarly to form
variables.


> My session object is saved in a dbm file.  Are the session records
> automatically deleted from the dbm file when the session expires?

Looking at the code real quick-like, it looks like they are removed
when explicitly (for lack of a better word) expired.  By explicit, I
mean the user requests a page after the timeout has been reached.  Now,
if a user never requests another page again, will the cleanup code
ever get called?  Doesn't *look* like it...


> Do I make a db connection persistent by simply saving the connection
> variables, either in a cookie or a session object?

Nope.


Best regards,
Erik
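
An added example, not part of the original post and not mod_python's own Session code: a minimal dbm-backed store in which the cookie carries only an id that is validated like any form variable, plus a sweep that removes expired records whose owners never request another page. The class name, the `TIMEOUT` value and the id format are assumptions made for illustration.

```python
import dbm.dumb, json, os, re, secrets, tempfile, time

SID_RE = re.compile(r"[0-9a-f]{32}")  # shape of the ids this store issues
TIMEOUT = 1800                        # seconds; constructed value

class SessionStore:
    """Server-side sessions in a dbm file; the cookie carries only the id."""
    def __init__(self, path):
        self.db = dbm.dumb.open(path, "c")

    def create(self, data, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_hex(16)
        self.db[sid] = json.dumps({"seen": now, "data": data})
        return sid

    def load(self, cookie_value, now=None):
        """Validate the cookie like a form variable before it reaches the db."""
        now = time.time() if now is None else now
        if not isinstance(cookie_value, str) or not SID_RE.fullmatch(cookie_value):
            return None                    # malformed input is rejected outright
        raw = self.db.get(cookie_value)
        if raw is None:
            return None                    # well-formed but unknown id
        rec = json.loads(raw)
        if now - rec["seen"] > TIMEOUT:
            del self.db[cookie_value]      # expiry on access
            return None
        return rec["data"]                 # data that stayed on the server

    def sweep(self, now=None):
        """Remove expired records whose owners never requested another page."""
        now = time.time() if now is None else now
        dead = [k for k in self.db.keys()
                if now - json.loads(self.db[k])["seen"] > TIMEOUT]
        for k in dead:
            del self.db[k]
        return len(dead)

def demo():
    # Constructed scenario: two sessions, only one owner returns.
    store = SessionStore(os.path.join(tempfile.mkdtemp(), "sessions"))
    a = store.create({"user": "alice"}, now=1000)
    store.create({"user": "bob"}, now=1000)
    late = 1000 + TIMEOUT + 1
    return store.load(a, now=1500), store.load(a, now=late), store.sweep(now=late)

if __name__ == "__main__":
    print(demo())
```

Calling `sweep()` from a periodic job or on a fraction of requests keeps the dbm file from growing with abandoned sessions.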


