|
Ben Leslie
benno at sesgroup.net
Wed Oct 11 09:33:58 EST 2000
Hi Damjan! On Tue, 10 Oct 2000, Damjan wrote: > Is there some sollution for session managment in mod_python. I actually > have some ideas how to build this, but wanted to check first, if someone > else has solved this problem. Thanks. > It is pretty easy todo, and really depends a lot on the application you are using no how you would want to implement it, and what level of security you want to build into it. There are many many things potentially involved in session management. Firstly, do you want to store the session key as a cookie or as part of the url (eg ?key=12331232 ). Secondly, do you want to store keys in a database, in memory, in a file system. Thirdly, what data do you want to store between sessions? Simlpy what user is logged in, other 'simple' information or complex stuff like class objects in memory. Finally, how long is a session, when does it end, do you rely on client side expiring cookies, do you allow the session cookie to be used for multiple requests, or do you issue a new cookie each time to reduce the change of someone stealing the cookie and using it to login as the correct user? I have done a session management for my first project in mod_python, using a backend postgres database. I use it simply to track the user that is logged in. I am using cookies to store the session key. Each new page the client is issued with a new cookie, the cookie is checked server side that it is still valid (I have a ten minute time-out on the cookie). Hope this helps, Benno
|