session management

Discussion in 'Python' started by Ajay Brar, Aug 8, 2004.

  1. Ajay Brar

    Ajay Brar Guest

    hi!
    I am trying to implement session management similar to what PHP does by
    having a temp file with session information and storing the
    filename(which is just a random string) as a cookie on the client side.
    if the client logs out, i can destroy the file and the cookie but my
    question is what happens when the client does not log out? what if he
    simply leaves the website? i can put a timer on the cookie, but how do i
    cleanup the temp files.
    also, is there some python package that already does this and does not
    require any configuration on the webserver (i dont have access to config
    the webserver).
    and how secure would such a mechanism be? the user enters their username
    and password and i compare the hash of both the username and password
    with values stored in an encrypted file. if the comparison is successful
    i create the session. is this a reasonably secure scheme? does anyone
    see any problems with this

    thanks

    cheers

    --
    Ajay Brar
    CS Honours 2004
    Smart Internet Technology Research Group

    http://www.it.usyd.edu.au/~abrar1
    Ajay Brar, Aug 8, 2004
    #1
    1. Advertising

  2. On Sun, 08 Aug 2004 14:02:14 +1000,
    Ajay Brar <> wrote:
    > question is what happens when the client does not log out? what if he
    > simply leaves the website? i can put a timer on the cookie, but how do i
    > cleanup the temp files.


    You'd need to run a cron job that periodically cleans up sessions that
    haven't been touched in the last 8 or 24 or whatever hours.

    > also, is there some python package that already does this and does not
    > require any configuration on the webserver (i dont have access to config
    > the webserver).


    Most web frameworks have support for sessions; for example, Quixote's
    support is described at
    http://www.mems-exchange.org/software/quixote/doc/session-mgmt.html .

    --amk
    A.M. Kuchling, Aug 9, 2004
    #2
    1. Advertising

  3. A.M. Kuchling wrote:

    > On Sun, 08 Aug 2004 14:02:14 +1000,
    > Ajay Brar <> wrote:
    >
    >>question is what happens when the client does not log out? what if he
    >>simply leaves the website? i can put a timer on the cookie, but how do i
    >>cleanup the temp files.

    >
    >
    > You'd need to run a cron job that periodically cleans up sessions that
    > haven't been touched in the last 8 or 24 or whatever hours.

    He says, he has not direct access to the webserver - this will most
    likely ruleout cronjobs.
    Instead check with every Nth request for expired session files, just
    like PHP does: http://www.php.net/manual/en/ref.session.php

    c ya
    Benjamin Niemann, Aug 10, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff Smythe
    Replies:
    3
    Views:
    1,226
    Jeff Smythe
    Jan 2, 2004
  2. Floris van Haaster

    Project management / bug management

    Floris van Haaster, Sep 23, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    1,230
    Jon Paal
    Sep 23, 2005
  3. pouet
    Replies:
    2
    Views:
    737
    Will Hartung
    Jul 30, 2004
  4. =?Utf-8?B?Um9iSEs=?=
    Replies:
    4
    Views:
    5,251
    =?Utf-8?B?Um9iSEs=?=
    Apr 11, 2007
  5. Jazzis
    Replies:
    2
    Views:
    233
    Jazzis
    Sep 23, 2003
Loading...

Share This Page