Securing 'pickle'

Jiri Barton jbar at lf1.cuni.cz
Fri Jul 11 18:03:20 CEST 2003


I store cookies on the server in MySQL database. Here's the schema of the
table:

CREATE TABLE `cookies` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `time` timestamp(14) NOT NULL,
  `ip` varchar(20) NOT NULL default '',
  `data` blob NOT NULL,
  PRIMARY KEY  (`id`)
) TYPE=MyISAM;

id - sessionID
time - using for session timeout
ip - the remote IP address 
data - pickled data, urllib.quote'd, because of the control chars

Disposing cookies:
 - when the session times out
 - after a number of requests (say 1000), approximately, I scan the table
for outdated cookies and delete them -- 
    if random.randrange (1000) == 0: #scan & remove cookies







More information about the Python-list mailing list