Securing 'pickle'
Jiri Barton
jbar at lf1.cuni.cz
Fri Jul 11 12:03:20 EDT 2003
I store cookies on the server in a MySQL database. Here's the schema of the
table:

CREATE TABLE `cookies` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `time` timestamp(14) NOT NULL,
  `ip` varchar(20) NOT NULL default '',
  `data` blob NOT NULL,
  PRIMARY KEY (`id`)
) TYPE=MyISAM;

id - sessionID
time - used for session timeout
ip - the remote IP address
data - pickled data, urllib.quote'd, because of the control chars

Disposing of cookies:
- when the session times out
- after a number of requests (say 1000), approximately, I scan the table
  for outdated cookies and delete them --

    if random.randrange(1000) == 0:  # scan & remove cookies
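
The scheme described in the message above, as an added example that is not part of the original post or the poster's code: one row per session with the table's four columns, a timeout and remote-IP check on load, and the one-in-1000 random scan for outdated rows. Assumptions: sqlite3 stands in for MySQL, and the SessionStore class, its method names, the 1800-second timeout and the sliding expiry are illustrative choices.

```python
import pickle, random, sqlite3, time
from urllib.parse import quote_from_bytes, unquote_to_bytes

class SessionStore:
    """Server-side sessions in a `cookies` table; sqlite3 stands in for MySQL."""

    def __init__(self, db, timeout=1800, purge_odds=1000, rng=random):
        # timeout=1800 s is an assumed value; purge_odds=1000 is the post's figure.
        self.db, self.timeout = db, timeout
        self.purge_odds, self.rng = purge_odds, rng
        db.execute("CREATE TABLE IF NOT EXISTS cookies ("
                   "id INTEGER PRIMARY KEY AUTOINCREMENT, time REAL NOT NULL, "
                   "ip TEXT NOT NULL DEFAULT '', data BLOB NOT NULL)")

    def create(self, ip, obj, now=None):
        now = time.time() if now is None else now
        # Pickle, then percent-encode so the stored value has no control chars.
        data = quote_from_bytes(pickle.dumps(obj))
        cur = self.db.execute(
            "INSERT INTO cookies (time, ip, data) VALUES (?, ?, ?)", (now, ip, data))
        return cur.lastrowid  # session id (assumed to be all the client is given)

    def purge(self, now):
        """Delete every outdated row; returns how many were removed."""
        cur = self.db.execute(
            "DELETE FROM cookies WHERE time < ?", (now - self.timeout,))
        return cur.rowcount

    def load(self, sid, ip, now=None):
        now = time.time() if now is None else now
        if self.rng.randrange(self.purge_odds) == 0:  # about once per 1000 requests
            self.purge(now)
        row = self.db.execute(
            "SELECT time, ip, data FROM cookies WHERE id = ?", (sid,)).fetchone()
        if row is None:
            return None
        if now - row[0] > self.timeout:  # timed out: dispose of this row right away
            self.db.execute("DELETE FROM cookies WHERE id = ?", (sid,))
            return None
        if row[1] != ip:  # wrong address: refuse, but leave the owner's row alone
            return None
        # Assumption: a successful load restarts the timeout (sliding expiry).
        self.db.execute("UPDATE cookies SET time = ? WHERE id = ?", (now, sid))
        # Only bytes this server pickled itself ever reach pickle.loads.
        return pickle.loads(unquote_to_bytes(row[2]))
```

The queries are parameterized, so the session id taken from the request is never spliced into SQL, and the request can only select which server-written row is unpickled.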