session management

Ajay Brar abra9823 at mail.usyd.edu.au
Sun Aug 8 06:02:14 CEST 2004


hi!
I am trying to implement session management similar to what PHP does by 
having a temp file with session information and storing the 
filename(which is just a random string) as a cookie on the client side.
if the client logs out, i can destroy the file and the cookie but my 
question is what happens when the client does not log out? what if he 
simply leaves the website? i can put a timer on the cookie, but how do i 
cleanup the temp files.
also, is there some python package that already does this and does not 
require any configuration on the webserver (i dont have access to config 
the webserver).
and how secure would such a mechanism be? the user enters their username 
and password and i compare the hash of both the username and password 
with values stored in an encrypted file. if the comparison is successful 
i create the session. is this a reasonably secure scheme? does anyone 
see any problems with this

thanks

cheers

-- 
Ajay Brar
CS Honours 2004
Smart Internet Technology Research Group

http://www.it.usyd.edu.au/~abrar1




More information about the Python-list mailing list