[Flask] Usage of session and g variables

Jeff Widman jeff at jeffwidman.com
Mon Sep 21 22:48:02 CEST 2015


If at all possible, avoid credit card data ever directly touching your
server.

It's a huge security risk that's really, really hard to get right, plus
there's a bunch of hoops related to PCI compliance.

Instead, if you're rolling your own shopping cart, just use something like
Stripe's JavaScript for the actual payment processing so that the credit
card data goes straight from the client to Stripe's servers, and then you
only need to store the callback from Stripe that the customer's payment
'succeeded', without actually storing the underlying data.



On Mon, Sep 21, 2015 at 10:44 AM, Jonathan Chen <tamasiaina at gmail.com>
wrote:

> Sessions will persist through secured cookies while the g variable only
> persists with each request. So for a shopping cart a session object would be
> better to use.
>
> If you wanted to store temporary information, like for instance a credit
> card or something similar, you can put it in the g variable to process
> the credit card information later.
>
>
> ~Jonathan C.
>
> On Mon, Sep 21, 2015 at 10:11 AM, Corey Boyle <coreybrett at gmail.com>
> wrote:
>
>> I can't answer your question directly, but maybe you could get some
>> inspiration from this.
>> http://satchless.com/
>>
>> On Mon, Sep 21, 2015 at 12:39 PM, Kyle Lawlor <klawlor419 at gmail.com>
>> wrote:
>> > Hi, all.
>> >
>> > I am currently in the process of designing a website for a friend's
>> > restaurant. I am planning to deploy the website through Heroku. I am just
>> > hoping to keep the costs down for my friend and learn a few things.
>> >
>> > I want to create a portion of the website that can be used for online
>> > checkout. I am aiming for something similar to any ordering application,
>> > i.e. grubhub. I have some of the website together, I will post a link to
>> > its git repository below.
>> >
>> > One thing I have been struggling to understand with Flask is the use of
>> > session variables and global (g) variables. My purpose is to create a
>> > shopping cart, where I can store what a user wants to order.
>> >
>> > So far I have tried creating a standard Python array and a variable within
>> > the view function for the orders page. This is in principle to store which
>> > items the user selects and to store the total price. The items selected
>> > and the total price are then rendered appropriately. The obvious problem
>> > with this method is that the objects are cleared after each request. So
>> > the item selected and the total price only reflect the previous request.
>> >
>> > One way to get around this is to create a global variable outside of the
>> > route for a given view function. I believe this is incorrect because it
>> > stores the data even after I go elsewhere on the site.
>> >
>> > Creating session variables or global variables for that matter and then
>> > updating them as selections are made seems to have the same issue as using
>> > Python storage variables within the view function. Please see these links
>> > for the view function I am talking about.
>> >
>> > Declaration of variables (using the g object in this case):
>> > https://github.com/callmeskywalker/casa-sabor/blob/master/app/main/views.py#L40
>> > Here is where I look for the user to add an item, and attempt to store the
>> > data:
>> > https://github.com/callmeskywalker/casa-sabor/blob/master/app/main/views.py#L97
>> >
>> > I am at a point now where I am not sure that the usage of session and g
>> > variables are what I am trying to use them for. I wonder if this is now a
>> > case where using a database is the technically correct/better thing to do.
>> >
>> > My questions are:
>> > Is my use of global variables problematic?
>> > Is there a way to use session and/or g for this purpose?
>> > Am I better off using a database for storing this data?
>> >
>> > Please keep in mind I am brand new to using Flask and web development in
>> > general. I look forward to hearing back to any responses. Feel free to
>> > cover basics of web development, because I am sure that I am missing some.
>> >
>> > If anyone is interested or wants to see the website in action, here is the
>> > entire git repository:
>> > https://github.com/callmeskywalker/casa-sabor
>> >
>> >
>> > Thanks, Kyle
>> >
>> > _______________________________________________
>> > Flask mailing list
>> > Flask at python.org
>> > https://mail.python.org/mailman/listinfo/flask


-- 

*Jeff Widman*
jeffwidman.com <http://www.jeffwidman.com/> | 740-WIDMAN-J (943-6265)
<><
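
An added example, not part of the message above and not Stripe's or the poster's code: one way the server can accept the payment callback and keep only the outcome. It assumes Stripe's webhook signing scheme (a `Stripe-Signature` header with `t=` and `v1=` fields, HMAC-SHA256 over `<t>.<body>`); the function names, the secret and the sample event are constructed for illustration.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300  # reject stale callbacks to limit replay

def _mac(payload: bytes, secret: str, ts: int) -> str:
    signed = f"{ts}.".encode() + payload  # scheme: HMAC-SHA256 over "<t>.<body>"
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()

def sign(payload: bytes, secret: str, ts: int) -> str:
    """Build a Stripe-Signature style header; only used to make sample input."""
    return f"t={ts},v1={_mac(payload, secret, ts)}"

def verify(payload: bytes, header: str, secret: str, now: int) -> bool:
    """True only if the header carries a fresh timestamp and a matching v1 MAC."""
    pairs = [p.split("=", 1) for p in header.split(",") if "=" in p]
    stamps = [v for k, v in pairs if k == "t"]
    sigs = [v for k, v in pairs if k == "v1"]
    try:
        ts = int(stamps[0]) if len(stamps) == 1 else None
    except ValueError:
        return False
    if ts is None or not sigs or abs(now - ts) > TOLERANCE_SECONDS:
        return False
    expected = _mac(payload, secret, ts).encode()
    # Compare as bytes in constant time; str inputs with non-ASCII would raise.
    return any(hmac.compare_digest(expected, s.encode()) for s in sigs)

def record_payment(payload: bytes, header: str, secret: str, now: int):
    """Return the row to persist, or None when the callback must be ignored."""
    if not verify(payload, header, secret, now):
        return None
    event = json.loads(payload)
    if event.get("type") != "charge.succeeded":
        return None
    charge = event["data"]["object"]
    # Persist identifiers and outcome only; nothing describing the card itself.
    return {"event_id": event["id"], "charge_id": charge["id"],
            "amount": charge["amount"], "status": "succeeded"}

# Constructed sample input (not a real Stripe event, secret or timestamp).
SECRET = "whsec_constructed_example"
NOW = 1442868482
PAYLOAD = json.dumps({"id": "evt_constructed_1", "type": "charge.succeeded",
    "data": {"object": {"id": "ch_constructed_1", "amount": 2350,
                        "source": {"last4": "4242"}}}}).encode()

if __name__ == "__main__":
    print(record_payment(PAYLOAD, sign(PAYLOAD, SECRET, NOW), SECRET, NOW))
```

The signature must be checked against the raw request body as received, before any JSON parsing or re-serialization.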