[Web-SIG] Session interface, v2

Mike Orr mso at oz.net
Sun Aug 21 03:08:37 CEST 2005

Ian Bicking wrote:

> Mike Orr wrote:
> I don't think several frameworks should share a single SessionManager 
> *instance*.  

Isn't that what being a session manager means?  The single gateway to 
the stores.  Otherwise it's more a case of two instances co-managing.  
That sounds more difficult, since the two managers may have different 
bugs and thus an unintentional difference in policy.

> class ISessionManager:
>>>     id = """The string-identifier for this session manager.
>>>     All applications that share this session manager need to use the
>>>     same id when creating the session manager.
>> With this rule I was expecting some central repository of session 
>> managers, and factory functions a la logger.getLogger(), but there 
>> doesn't seem to be any.  What's the purpose of the SessionManager id?
> The session manager id is used by the session store, to keep the 
> sessions separate.  Actual session data is keyed by 
> (session_manager_id, session_id), so that separate applications have 
> separate session_manager_ids, and separate browsers have separate 
> session_ids.

OK, we're using different terminology for the same thing.  I would call 
that an application ID.  Two applications that want to share sessions 
would use the same ID, and two instances of a blogging application that 
don't want to share would have different app IDs   MySQLSessionStore has 
an app ID in the constructor, and the session is saved under (app_id, 
session_id).  It defaults to '' if you only have one application and are 
too lazy to make up a name.

Calling it app_id seems to make more sense.  The user would find it 
logical to have to name their applications (=session namespaces).  
Whereas naming "session managers" sounds like an obscure implementation 
detail not related to this.  I would think a session manager ID is its 
memory address, and why on earth would we want to know that?

>>> class ISessionStore:
>>>      def load_session(session_store_id, session_id, read_only,
>>> session_factory):
>>>      def session_ids(session_store_id):
>>>      def delete_session(session_store_id, session_id):
>>>      def touch(session_store_id, session_id):
>>>      def write_lock_session(session_store_id, session_id):
>> Isn't session_store_id 'self'?  Specifying it seems to imply this is 
>> a meta SessionStore, not an individual store.  Why would a deployment 
>> have multiple stores?
> Oops, this was a leftover from when SessionManager was named 
> SessionStore.  These should all be session_manager_id.  Fixed in svn.

OK, translating 'session_manager_id' to 'app_id', this almost makes 
sense.  So a SessionStore instance can handle multiple applications. 
Is this likely?  I'd like to find some way to avoid passing this value 
to every method, since from the application's perspective, there's only 
one that matters.

More information about the Web-SIG mailing list