[mod_python] Question about Session security

Jim Gallacher jg.lists at sympatico.ca
Wed Jun 15 17:57:00 EDT 2005

Nick wrote:
> Jim Gallacher wrote:
>>> You can use req.connection to find the users incoming IP address and
>>> save that in the session yourself for later checking.
>>> Ie., not a prepackaged check, but the bits are there for you to do it
>>> yourself in the manner you need.
>> Since I'm (still) messing with the session code, maybe this is worth 
>> building this into the base code now? If it is a security issue let's 
>> address it and save users the worry and bother of implementing their own.
> Probably a good idea, but make it something you can optionally turn off, 
> as there may be someone who wants to have an extended timeout on cookies 
> and has users that may connect to the app from work, home, starbucks, 
> etc. but keep the same session.
> Nick

Very good point. I hadn't thought of that.


More information about the Mod_python mailing list