|
Jim Gallacher
jg.lists at sympatico.ca
Tue May 10 11:44:14 EDT 2005
Wouter van Marle wrote:
> Thank you all for the advices, I'm going to try it tomorrow. At least it
> gives me something to try out, and a bit better understanding of the
> process. Unfortunately the documentation is pretty sparse there.
I'm working on improving the documentation, so these kinds of
discussions are useful to me as well.
> Some more comments below on why reading a separate cookie:
>
>>call sess.save() before the end of your request as saving is not
>>automatic. The other way you may get a new session for each request is
>>if you start writing the response before the session is created. The
>>session must be able to set a cookie in the response sent to the
>>browser, and this is not possible if you've already started to send your
>>reply.
>>
>
> So I should call sess.save() before doing any psp run() or req.write(),
> right? That is now not the case (I do the save at the very end of the
> routine - after sending the page).
No, it doesn't matter when you call sess.save(). The important step is
in the creation of the session instance. The session cookie in the
response header is set when the session instance is created. You must do
this before sending any part of the page. For example:
def good_requesthandler(req):
# session handling will work
req.content_type = "text/plain"
# Create the session and implicitly set the session cookie
# in the response header
sess = Session.Session(req)
# First call to req.write() sends the response headers
# to the browser, which includes the session cookie, and
# then writes the string.
req.write("Hello World!")
req.write("Goodbye world!")
# Save the session data on the server
sess.save()
return apache.OK
def bad_requesthandler(req):
# session handling will not work
req.content_type = "text/plain"
# First call to req.write() sends the response headers to
# the browser and then writes the string.
req.write("Hello World!")
# Creating the session instance generates a cookie, but
# the response headers have already been sent as a result of
# the previous req.write() call, so the the browser will never
# receive the cookie.
sess = Session.Session(req)
req.write("Goodbye world!")
# Save the session data on the server. The data is saved, but the
# browser never received the cookie, so it really is not relevant.
# As far as the browser is concerned the session data is gone.
sess.save()
return apache.OK
>>I'm a little unclear why you are reading and writing the cookies,
>>assuming you mean the session cookie.
>>
>
> I think of using a separate cookie for persistent information (currently
> set to 90 day expiry) against session which includes login info and is
> to keep the user logged with a timeout of say 30 minutes. At the
> beginning of the session (new session) I want to read that persistent
> information to provide a somewhat personalised site. Currently that is
> only the language and the username if known, though in future that may
> be more.
Ok. Then the problem you described with reading and writing cookies in
an earlier message is unrelated to the session handling code. But the
same idea applies. Make sure you set your cookie before any req.write()
attempts.
Regards,
Jim
|