[mod_python] mod_python session trouble

Jim Gallacher jg.lists at sympatico.ca
Tue May 10 11:44:14 EDT 2005

Wouter van Marle wrote:
> Thank you all for the advices, I'm going to try it tomorrow. At least it 
> gives me something to try out, and a bit better understanding of the 
> process. Unfortunately the documentation is pretty sparse there.

I'm working on improving the documentation, so these kinds of 
discussions are useful to me as well.

> Some more comments below on why reading a separate cookie:
>>call sess.save() before the end of your request as saving is not 
>>automatic. The other way you may get a new session for each request is 
>>if you start writing the response before the session is created. The 
>>session must be able to set a cookie in the response sent to the 
>>browser, and this is not possible if you've already started to send your 
> So I should call sess.save() before doing any psp run() or req.write(), 
> right? That is now not the case (I do the save at the very end of the 
> routine - after sending the page).

No, it doesn't matter when you call sess.save(). The important step is 
in the creation of the session instance. The session cookie in the 
response header is set when the session instance is created. You must do 
this before sending any part of the page. For example:

def good_requesthandler(req):
     # session handling will work
     req.content_type = "text/plain"

     # Create the session and implicitly set the session cookie
     # in the response header
     sess = Session.Session(req)

     # First call to req.write() sends the response headers
     # to the browser, which includes the session cookie, and
     # then writes the string.
     req.write("Hello World!")
     req.write("Goodbye world!")

     # Save the session data on the server
     return apache.OK

def bad_requesthandler(req):
     # session handling will not work
     req.content_type = "text/plain"

     # First call to req.write() sends the response headers to
     # the browser and then writes the string.
     req.write("Hello World!")

     # Creating the session instance generates a cookie, but
     # the response headers have already been sent as a result of
     # the previous req.write() call, so the the browser will never
     # receive the cookie.
     sess = Session.Session(req)
     req.write("Goodbye world!")

     # Save the session data on the server. The data is saved, but the
     # browser never received the cookie, so it really is not relevant.
     # As far as the browser is concerned the session data is gone.
     return apache.OK

>>I'm a little unclear why you are reading and writing the cookies, 
>>assuming you mean the session cookie. 
> I think of using a separate cookie for persistent information (currently 
> set to 90 day expiry) against session which includes login info and is 
> to keep the user logged with a timeout of say 30 minutes. At the 
> beginning of the session (new session) I want to read that persistent 
> information to provide a somewhat personalised site. Currently that is 
> only the language and the username if known, though in future that may 
> be more.

Ok. Then the problem you described with reading and writing cookies in 
an earlier message is unrelated to the session handling code. But the 
same idea applies. Make sure you set your cookie before any req.write() 


More information about the Mod_python mailing list