tags:

views:

39

answers:

2
+1  Q: 

GaeUtilities: Session Problem

Hi,

I'm programming an application with google app engine, with django 1.1 (no django pacth or others), well as you know is impossible use django login and session features so I download Gae utility and use Session Object (http://gaeutilities.appspot.com/) but some time this object create 2 sessions instead 1 session ... here's code

def index(request):

     aSWrap = SWrap(SWrap.createSession())
     ....
      def login(request):

     aSWrap = SWrap(SWrap.createSession())
     ....


      class SWrap(object):

   @classmethod    
   def createSession():

     return Session(cookie_name='my_cookie',session_expire_time=7200)

and for setting session no expiration or really long expiration...enter code here Thanks

+2  A: 

I suggest using a different sessions library. Check out this comparison of the available sessions libraries for GAE.

I'd recommend gae-sessions - it presents an API almost identical to the library you are currently using, but it is much faster and shouldn't give you headaches like the bug you've encountered above.

Disclaimer: I wrote gae-sessions, but I'm not the only one who would recommend it. Here is a recent thread discussing sessions on the google group for GAE python.

David Underhill  2010-07-20 11:56:27
wow thanks I will try it soon, and thanks to share your library
 2010-07-21 17:41:12
and is it strong like gaeutilities? I mean about security issue
 2010-07-21 17:44:05
Yes, they are both equally resistant to session hijacking and fixation attacks (and the same with other session libraries). Of course all of them all vulnerable to man-in-the-middle attacks unless your users are connected over a secure channel (HTTPS). So use HTTPS (or switch to HTTPS and change the session ID) for portions of your site where security is paramount (just like Amazon and others do).
David Underhill  2010-07-21 18:02:44
ok, great I'm already switching to your session lib it's great thanks
 2010-07-22 15:48:31
You're welcome, enjoy!
David Underhill  2010-07-22 18:17:50
A: 

What are you trying to do with SWrap(SWrap.createSession())? It looks like the result of SWrap.createSession() is passed to the SWrap() constructor. Have you omitted part of the definition of SWrap?

Perhaps this is more what you are wanting:

def index(request):
    mysession = SWrap.createSession()
    ....

def login(request):
    mysession = SWrap.createSession()
    ....

class SWrap(object):
    @staticmethod    
    def createSession():
        return Session(cookie_name='my_cookie',session_expire_time=7200)
cope360  2010-07-20 13:08:07
yes I've omitted, before I've tried to put create session into constructor but don't works at all :) thanks for the answer
 2010-07-21 17:39:41

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?