Damjan Georgievski
gdamjan at freemail.org.mk
Wed Oct 11 23:15:35 EST 2000
> Hi Damjan! > > Is there some sollution for session managment in mod_python. I actually > > have some ideas how to build this, but wanted to check first, if someone > > else has solved this problem. Thanks. > > It is pretty easy todo, and really depends a lot on the application you > are using no how you would want to implement it, and what level of security > you want to build into it. > > There are many many things potentially involved in session management. > > Firstly, do you want to store the session key as a cookie or as part of > the url (eg ?key=12331232 ). > > Secondly, do you want to store keys in a database, in memory, in a file > system. > > Thirdly, what data do you want to store between sessions? Simlpy what > user is logged in, other 'simple' information or complex stuff like > class objects in memory. I know there are many possible ways of doing this, but I can't say which way is better (key or cookie , memory/database/file). But for sure I would like to store a whole object. > Finally, how long is a session, when does it end, do you rely on client > side expiring cookies, do you allow the session cookie to be used for > multiple requests, or do you issue a new cookie each time to reduce the > change of someone stealing the cookie and using it to login as the > correct user? > > I have done a session management for my first project in mod_python, > using a backend postgres database. I use it simply to track the user > that is logged in. I am using cookies to store the session key. > Each new page the client is issued with a new cookie, the cookie is > checked server side that it is still valid (I have a ten minute > time-out on the cookie). Mainly this is what I thought I would do, but many thanks for the cookie expiration hint. I just think, there should be a standrard mod_python module, with a simple interface that automates the hard work. This (and embeded Python support) will finnish-up mod_python to be much more stronger compared to mod_perl. Thanks. -- damjan
|