[Web-SIG] Session interface
Shannon -jj Behrens
jjinux at gmail.com
Wed Aug 17 20:34:34 CEST 2005
Wow! I'm dumbfounded by this whole conversation! I thought session
backends were something innane enough that we could agree on them! I
have the same use cases as Geoffrey. No, cookies are not a good
replacement for sessions since you have to validate them everytime you
use them. You can't trust them unless you encrypt and sign them, and
I wasn't aware that that many people were doing that. Neither is
relying on a cookie to time out sufficient to control a session
timeout. Clients lie. Perhaps I have much to learn. I'm going to
sit back and just read :-/
On 8/16/05, Geoffrey Talvola <gtalvola at nameconnector.com> wrote:
> Jonathan Ellis wrote:
> > Still, it can be good to have a simple place to store non-permanent
> > information.
> For example...
> I think a good use of sessions is in remembering selections that have been
> made earlier on. For example, suppose you have a reporting application
> where you allow the user to select one or more items to report on from a
> list box, several filtering options in dropdowns or checkboxes, sorting and
> grouping behavior, etc. You want to remember those settings so that if the
> user returns to the report selection page, their last selected settings are
> pre-selected. But, unless the user chooses to save those settings as a
> "stored report", you'd like to forget the settings when the user logs out or
> when they close their browser.
> Also, assume that your application already has this bundle of selections in
> the form of a Python object.
> Isn't the cleanest, easiest, and more efficient way to handle this to simply
> save the Python object in a session variable? In some cases, for example
> using Webware's in-memory sessions, for example, this data never has to be
> marshaled or leave the application server at all.
> If I didn't have sessions, I think using either cookies or a back-end db
> would be more work, less clean, and less efficient in this case.
> - Geoff
> Web-SIG mailing list
> Web-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe: http://mail.python.org/mailman/options/web-sig/jjinux%40gmail.com
I have decided to switch to Gmail, but messages to my Yahoo account will
still get through.
More information about the Web-SIG