[Web-SIG] Session interface

Shannon -jj Behrens jjinux at gmail.com
Wed Aug 17 20:34:34 CEST 2005

Wow!  I'm dumbfounded by this whole conversation!  I thought session
backends were something innane enough that we could agree on them!  I
have the same use cases as Geoffrey.  No, cookies are not a good
replacement for sessions since you have to validate them everytime you
use them.  You can't trust them unless you encrypt and sign them, and
I wasn't aware that that many people were doing that.  Neither is
relying on a cookie to time out sufficient to control a session
timeout.  Clients lie.  Perhaps I have much to learn.  I'm going to
sit back and just read :-/


On 8/16/05, Geoffrey Talvola <gtalvola at nameconnector.com> wrote:
> Jonathan Ellis wrote:
> > Still, it can be good to have a simple place to store non-permanent
> > information.
> For example...
> I think a good use of sessions is in remembering selections that have been
> made earlier on.  For example, suppose you have a reporting application
> where you allow the user to select one or more items to report on from a
> list box, several filtering options in dropdowns or checkboxes, sorting and
> grouping behavior, etc.  You want to remember those settings so that if the
> user returns to the report selection page, their last selected settings are
> pre-selected.  But, unless the user chooses to save those settings as a
> "stored report", you'd like to forget the settings when the user logs out or
> when they close their browser.
> Also, assume that your application already has this bundle of selections in
> the form of a Python object.
> Isn't the cleanest, easiest, and more efficient way to handle this to simply
> save the Python object in a session variable?  In some cases, for example
> using Webware's in-memory sessions, for example, this data never has to be
> marshaled or leave the application server at all.
> If I didn't have sessions, I think using either cookies or a back-end db
> would be more work, less clean, and less efficient in this case.
> - Geoff
> _______________________________________________
> Web-SIG mailing list
> Web-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe: http://mail.python.org/mailman/options/web-sig/jjinux%40gmail.com

I have decided to switch to Gmail, but messages to my Yahoo account will
still get through.

More information about the Web-SIG mailing list