session management

A

Ajay Brar

hi!
I am trying to implement session management similar to what PHP does by
having a temp file with session information and storing the
filename(which is just a random string) as a cookie on the client side.
if the client logs out, i can destroy the file and the cookie but my
question is what happens when the client does not log out? what if he
simply leaves the website? i can put a timer on the cookie, but how do i
cleanup the temp files.
also, is there some python package that already does this and does not
require any configuration on the webserver (i dont have access to config
the webserver).
and how secure would such a mechanism be? the user enters their username
and password and i compare the hash of both the username and password
with values stored in an encrypted file. if the comparison is successful
i create the session. is this a reasonably secure scheme? does anyone
see any problems with this

thanks

cheers

--
Ajay Brar
CS Honours 2004
Smart Internet Technology Research Group

http://www.it.usyd.edu.au/~abrar1
 
A

A.M. Kuchling

question is what happens when the client does not log out? what if he
simply leaves the website? i can put a timer on the cookie, but how do i
cleanup the temp files.
Click to expand...

You'd need to run a cron job that periodically cleans up sessions that
haven't been touched in the last 8 or 24 or whatever hours.
also, is there some python package that already does this and does not
require any configuration on the webserver (i dont have access to config
the webserver).
Click to expand...

Most web frameworks have support for sessions; for example, Quixote's
support is described at
http://www.mems-exchange.org/software/quixote/doc/session-mgmt.html .

--amk
 
B

Benjamin Niemann

A.M. Kuchling said:
You'd need to run a cron job that periodically cleans up sessions that
haven't been touched in the last 8 or 24 or whatever hours.
Click to expand...
He says, he has not direct access to the webserver - this will most
likely ruleout cronjobs.
Instead check with every Nth request for expired session files, just
like PHP does: http://www.php.net/manual/en/ref.session.php

c ya
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem in getting dashboard page from login page in python pycharm using POST command 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Authentication session with urllib2 1
Issue with passing fetched data to POST form. How can I? 0
converting to string 1
Remote SSH and Configuring code help 0
RSA library 1
Scipy install Problems 1

Members online

Total: 30 (members: 2, guests: 28)
Robots: 663

Forum statistics

Threads
473,769
Messages
2,569,582
Members
45,057
Latest member
KetoBeezACVGummies

Latest Threads

Top