[mod_python] Sessions performance and some numbers

Gregory (Grisha) Trubetskoy grisha at modpython.org
Thu Apr 7 12:36:28 EDT 2005


I'd like to hear some explanation of the problem with DBM sessions first.

also - how hard is it to make the code below attempt to unpickle arbitrary 
stuff (potential security problem)?

grisha

On Thu, 7 Apr 2005, Nicolas Lehuen wrote:

> Hi,
>
> Your code seems perfect to me. We could indeed add an extra hash to
> the directory name so that all sessions do not end in the same
> directory ; but I guess this is not needed on modern FS like ReiserFS
> or WinFS.
>
> Also, the unlink call in do_delete needs an "os." to be correct...
>
> If everybody is OK I could integrate your class into the Session.py
> module, so that it becomes a standard session implementation in the
> next release. Grisha, Graham, what do you think ?
>
> Just as a note, the DbmSession relies on the anydbm module ; maybe the
> crappy performance were due to the fact that anydbm reverted to a
> crappy implementation, not the fastest (?) Berkeley-DB based one.
>
> Regards,
>
> Nicolas
>
> On Apr 7, 2005 5:01 PM, dharana <dharana at dharana.net> wrote:
>>
>>
>> Graham Dumpleton wrote:
>>>
>>> On 07/04/2005, at 8:08 PM, dharana wrote:
>>>
>>>> If you want I can send my modified Session.py with the new FileSession
>>>> class for review.
>>>
>>>
>>> There probably shouldn't have been a need for you to copy/modify the actual
>>> Session.py file which came with mod_python as your derived version could
>>> live quite happily in its own module and simply used the installed Session
>>> module.
>>>
>>
>> I presumptuously thought that it could fit into the official mod_python
>> package due to it's high performance when compared to DbmSession.
>>
>> >
>>> Anyway, by all means post your code as sure it will be of interest to
>>> someone, if not now then maybe in the future. If there are any problems
>>> in what you have done, someone is also bound to point it out.
>>>
>>
>> Here it goes. Please point out any obvious problem. Apart from being new
>> to mod_python I'm also new to Python in general. For example, I don't
>> think the exception handling I've put is completely correct.
>>
>> In anticipation for any possible attachment problems i pasted it
>> directly. (I have read PEP 0008 and the 4 spaces indentation level
>> recommendation but I'm in a hurry right now, sorry.)
>>
>> --- FileSession.py -----------------------------------------------------
>> import cPickle
>> import tempfile
>>
>> from mod_python import Session
>>
>> tempdir = tempfile.gettempdir()
>>
>> class FileSession(Session.BaseSession):
>>
>>    def __init__(self, req, sid=0, secret=None, timeout=0, lock=1):
>>
>>      Session.BaseSession.__init__(self, req, sid=sid, secret=secret,
>>                           timeout=timeout, lock=lock)
>>
>>    def do_cleanup(self):
>>      import os
>>
>>      # is there any faster way of doing this?
>>      for f in os.listdir(tempdir):
>>        if f.find('mp_sess_', 0, 11) == -1:
>>          continue
>>
>>        fp = file('%s%s' % (tempdir, f))
>>        dict = cPickle.load(fp)
>>        fp.close()
>>
>>        if (time() - dict['_accessed']) > dict['_timeout']:
>>          os.unlink('%s%s' % (tempdir, f))
>>
>>    def do_load(self):
>>      try:
>>      # again, is there a more pythonic way of doing this check?
>>        fp = file('%s/mp_sess_%s' % (tempdir, self._sid))
>>      except Exception:
>>        return None
>>      else:
>>        try:
>>          data = cPickle.load(fp)
>>          fp.close()
>>          return data
>>
>>        except Exception:
>>          fp.close()
>>          pass
>>
>>    def do_save(self, dict):
>>      fp = file('%s/mp_sess_%s' % (tempdir, self._sid), 'w+')
>>      cPickle.dump(dict, fp)
>>      fp.close()
>>
>>    def do_delete(self):
>>      try:
>>        unlink('%s/mp_sess_%s' % (tempdir, self._sid))
>>      except Exception:
>>        pass
>> ------------------------------------------------------------------------
>>
>> --
>> Juan Alonso
>> http://gamersmafia.com | http://laflecha.net
>>
>>
>> import cPickle
>> import tempfile
>>
>> from mod_python import Session
>>
>> tempdir = tempfile.gettempdir()
>>
>> class FileSession(Session.BaseSession):
>>
>>   def __init__(self, req, sid=0, secret=None, timeout=0, lock=1):
>>
>>     Session.BaseSession.__init__(self, req, sid=sid, secret=secret,
>>                          timeout=timeout, lock=lock)
>>
>>   def do_cleanup(self):
>>     import os
>>
>>     # is there any faster way of doing this?
>>     for f in os.listdir(tempdir):
>>       if f.find('mp_sess_', 0, 11) == -1:
>>         continue
>>
>>       fp = file('%s%s' % (tempdir, f))
>>       dict = cPickle.load(fp)
>>       fp.close()
>>
>>       if (time() - dict['_accessed']) > dict['_timeout']:
>>         os.unlink('%s%s' % (tempdir, f))
>>
>>   def do_load(self):
>>     try:
>>     # again, is there a more pythonic way of doing this check?
>>       fp = file('%s/mp_sess_%s' % (tempdir, self._sid))
>>     except Exception:
>>       return None
>>     else:
>>       try:
>>         data = cPickle.load(fp)
>>         fp.close()
>>         return data
>>
>>       except Exception:
>>         fp.close()
>>         pass
>>
>>   def do_save(self, dict):
>>     fp = file('%s/mp_sess_%s' % (tempdir, self._sid), 'w+')
>>     cPickle.dump(dict, fp)
>>     fp.close()
>>
>>   def do_delete(self):
>>     try:
>>       unlink('%s/mp_sess_%s' % (tempdir, self._sid))
>>     except Exception:
>>       pass
>>
>>
>> _______________________________________________
>> Mod_python mailing list
>> Mod_python at modpython.org
>> http://mailman.modpython.org/mailman/listinfo/mod_python
>>
>>
>>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>


More information about the Mod_python mailing list