[mod_python] Session managment for mod_python

Damjan Georgievski gdamjan at freemail.org.mk
Wed Oct 11 23:15:35 EST 2000


> Hi Damjan!
> > Is there some sollution for session managment in mod_python. I actually
> > have some ideas how to build this, but wanted to check first, if someone
> > else has solved this problem.  Thanks.
> 
> It is pretty easy todo, and really depends a lot on the application you 
> are using no how you would want to implement it, and what level of security
> you want to build into it.
> 
> There are many many things potentially involved in session management.
> 
> Firstly, do you want to store the session key as a cookie or as part of
> the url (eg ?key=12331232 ).
> 
> Secondly, do you want to store keys in a database, in memory, in a file
> system.
> 
> Thirdly, what data do you want to store between sessions? Simlpy what
> user is logged in, other 'simple' information or complex stuff like
> class objects in memory.

I know there are many possible ways of doing this, but I can't say which
way is better (key or cookie , memory/database/file). But for sure I
would like to store a whole object.
 
> Finally, how long is a session, when does it end, do you rely on client
>  side expiring cookies, do you allow the session cookie to be used for
> multiple requests, or do you issue a new cookie each time to reduce the
> change of someone stealing the cookie and using it to login as the 
> correct user?
> 
> I have done a session management for my first project in mod_python, 
> using a backend postgres database. I use it simply to track the user
> that is logged in. I am using cookies to store the session key. 
> Each new page the client is issued with a new cookie, the cookie is 
> checked server side that it is still valid (I have a ten minute
> time-out on the cookie).

Mainly this is what I thought I would do, but many thanks for the cookie
expiration hint.
 
I just think, there should be a standrard mod_python module, with
a simple interface that automates the hard work. This (and embeded
Python support) will finnish-up mod_python to be much more stronger
compared to mod_perl.

Thanks.


-- 
damjan






More information about the Mod_python mailing list