[mod_python] Question about Session security

Dan Eloff dan.eloff at gmail.com
Wed Jun 15 20:07:33 EDT 2005

> I see no problems with this idea in my use of mp but I believe it shouldn't be
> done. I see sessions as file-like objects and as such I think it should be made
> explicit that you want to save the changes you make to a session. It seems more
> correct to me like it is right now. Maybe I'm wrong.
> --
> dharana

Yes, I agree, it is better to have to save the session manually. For
example, suppose I have a page that makes several modifications to the
session data. If at one point there is a failure, I would end up with
a partially modified session object in an indeterminate state. Much
better to have manual save and put it after all the modifications so
that I either end up with the session as it was before the page, or I
end up with it successfully modified but nothing else.


More information about the Mod_python mailing list