|
Home > Archive > Apache Mod-Python > September 2005 > Persisten session Bug
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Persisten session Bug
|
|
| Maciej Dems 2005-09-08, 5:47 pm |
| Hello,
I would like to point to some simple bug in session handling. The problem
occurs when you want to have persistens sessions, i.e. the ones which
will stay after the user close the browser window (this is useful for
example if you want to let him stay logged-on). For this reason it is
necessary to set the expire value to session cookie other than zero
(which is the case now).
There are the simple solutions in mod_python/Session.py
In BaseSession.__init__:
if self._new:
# make a new session
if self._sid: self.unlock() # unlock old sid
self._sid = _new_sid(self._req)
self.lock() # lock new sid
if timeout:
self._timeout = timeout
else:
self._timeout = DFT_TIMEOUT
self._created = time.time()
Cookie.add_cookie(self._req, self.make_cookie())
(generally put add_cookie to an end)
and in BaseSession make_cookie:
if self._secret:
c = Cookie.SignedCookie(COOKIE_NAME, self._sid,
secret=self._secret,
expires=self._created+self._timeout+3600)
else:
c = Cookie.Cookie(COOKIE_NAME, self._sid,
expires=self._created+self._timeout+3600)
(add expires parameter; +3600 is for the case of the user clock set up
wrongly).
I hope you will correct the case in future versions of mod_python
Yours, faithfully
Maciej Dems
| |
| Graham Dumpleton 2005-09-08, 5:47 pm |
| I don't use sessions enough to comment on whether this is an appropriate
change for mod_python or not, but I would suggest that you log an
enhancement request at:
http://issues.apache.org/jira/brows...N?report=select
This will ensure any request is not overlooked. It is also preferred
that
you supply context diffs against code and that such diffs preferably be
against the most recent code base found in subversion repository:
https://svn.apache.org/repos/asf/ht...d_python/trunk/
Graham
On 08/09/2005, at 7:57 PM, Maciej Dems wrote:
> Hello,
>
> I would like to point to some simple bug in session handling. The
> problem
> occurs when you want to have persistens sessions, i.e. the ones which
> will stay after the user close the browser window (this is useful for
> example if you want to let him stay logged-on). For this reason it is
> necessary to set the expire value to session cookie other than zero
> (which is the case now).
>
> There are the simple solutions in mod_python/Session.py
>
> In BaseSession.__init__:
>
> if self._new:
> # make a new session
> if self._sid: self.unlock() # unlock old sid
> self._sid = _new_sid(self._req)
> self.lock() # lock new sid
> if timeout:
> self._timeout = timeout
> else:
> self._timeout = DFT_TIMEOUT
> self._created = time.time()
> Cookie.add_cookie(self._req, self.make_cookie())
>
> (generally put add_cookie to an end)
>
> and in BaseSession make_cookie:
>
> if self._secret:
> c = Cookie.SignedCookie(COOKIE_NAME, self._sid,
> secret=self._secret,
> expires=self._created+self._timeout+3600)
> else:
> c = Cookie.Cookie(COOKIE_NAME, self._sid,
> expires=self._created+self._timeout+3600)
>
> (add expires parameter; +3600 is for the case of the user clock set up
> wrongly).
>
> I hope you will correct the case in future versions of mod_python
|
|
|
|
|