[Tutor] maintaining state in a web app

Mike Hansen mhansen at cso.atmel.com
Mon Nov 8 16:15:42 CET 2004


Hi Bill,

I'm leaning toward using cookies. The app will be used on our intranet, 
and other apps already require the use of cookies. The application will 
have multiple form pages, so I wanted to keep track of the user and form 
id. There won't be any sensitive information being used, so I'm not too 
concerned about it.

I was hoping to find a book that discusses common web application 
problems and recommended solutions. So far, I haven't found anything. 
Maybe I haven't been putting in the magic keywords into Safari or Amazon.

I'm also curious about if there's any easy to use web-frameworks that 
keep track of state for you. Most of the python web frameworks that I've 
taken a look at seem a little too complicated for smaller web apps. 
Maybe I need to get a couple of web apps under my belt before I see the 
light of some of the frameworks.

Mike

Bill Mill wrote:

>Mike,
>
>I don't have any books to recommend, but saving state in a web
>application is fairly simple. What you want to do is save data for a
>user, and attach it to a session ID.
>
>There are two ways to save data for a user that I've used. First, you
>could make a text file with a unique name (using a session ID for the
>filename is a Good Idea), and everytime you need a variable for the
>user, simply open the file with their session ID, and parse it for the
>variable you need. For the actual file format, you could use one of
>the various configuration file formats which have python parsers, or
>just straight python code.
>
>Second, you could create a table in a database which relates a session
>ID to whatever bits of data you want. If you're moving a lot of data,
>this may be more efficient than the previous method. It is, however,
>somewhat more complicated.
>
>To store the session ID, you should use a cookie. It's a bit more
>secure than using GET or POST variables, and it means that you can set
>and forget - no worries about hidden form variables in your pages.
>
>I believe that you can also store the actual data in a cookie, but
>that means that it's being transmitted over the web everytime the user
>accesses a page, which means that you need to be a little paranoid
>about what you put in there. In general, I think it's safer to put the
>data on your web server, where an attacker would at least have to
>figure out your system to access it.
>
>Hope this helps.
>
>Peace
>Bill Mill
>bill.mill at gmail.com
>
>
>On Fri, 05 Nov 2004 13:13:50 -0700, Mike Hansen <mhansen at cso.atmel.com> wrote:
>  
>
>>Can anyone recommend any books/web-sites that discuss maintaining state
>>in a web application? Various methods and pros/cons to each method.
>>Cookies, form Vaiables, ??? ... The material can be Python specific or
>>language neutral.
>>
>>Thanks,
>>
>>Mike
>>_______________________________________________
>>Tutor maillist  -  Tutor at python.org
>>http://mail.python.org/mailman/listinfo/tutor
>>
>>    
>>


More information about the Tutor mailing list