[mod_python] Session managment for mod_python

Ben Leslie benno at sesgroup.net
Wed Oct 11 09:33:58 EST 2000

Hi Damjan!

On Tue, 10 Oct 2000, Damjan wrote:

> Is there some sollution for session managment in mod_python. I actually
> have some ideas how to build this, but wanted to check first, if someone
> else has solved this problem.  Thanks.

It is pretty easy todo, and really depends a lot on the application you 
are using no how you would want to implement it, and what level of security
you want to build into it.

There are many many things potentially involved in session management.

Firstly, do you want to store the session key as a cookie or as part of
the url (eg ?key=12331232 ).

Secondly, do you want to store keys in a database, in memory, in a file

Thirdly, what data do you want to store between sessions? Simlpy what
user is logged in, other 'simple' information or complex stuff like
class objects in memory.

Finally, how long is a session, when does it end, do you rely on client
 side expiring cookies, do you allow the session cookie to be used for
multiple requests, or do you issue a new cookie each time to reduce the
change of someone stealing the cookie and using it to login as the 
correct user?

I have done a session management for my first project in mod_python, 
using a backend postgres database. I use it simply to track the user
that is logged in. I am using cookies to store the session key. 
Each new page the client is issued with a new cookie, the cookie is 
checked server side that it is still valid (I have a ten minute
time-out on the cookie).

Hope this helps,


More information about the Mod_python mailing list