You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mod_python-dev@quetz.apache.org by Stanislav Ershov <st...@telecom.ozersk.ru> on 2006/03/21 09:39:58 UTC
cookies generation by session, patch
Hi,
I wrote a simple patch for 'Session.py'. Patch adds possibility to
disable cookies generation by session. And it's optional.
By default cookies generation enabled.
Add Apache directive 'Python Option sessin_cookie_generation 0' for
disabling.
--- mod_python-3.2.8.orig/lib/python/mod_python/Session.py Mon Feb 20
00:51:18 2006
+++ mod_python-3.2.8/lib/python/mod_python/Session.py Tue Mar 21
09:50:46 2006
@@ -138,17 +138,19 @@
dict.__init__(self)
session_cookie_name =
req.get_options().get("session_cookie_name",COOKIE_NAME)
+ session_cookie_generation =
int(req.get_options().get("session_cookie_generation",1))
if not self._sid:
- # check to see if cookie exists
- if secret:
- cookies = Cookie.get_cookies(req,
Class=Cookie.SignedCookie,
- secret=self._secret)
- else:
- cookies = Cookie.get_cookies(req)
+ if session_cookie_generation:
+ # check to see if cookie exists
+ if secret:
+ cookies = Cookie.get_cookies(req,
Class=Cookie.SignedCookie,
+ secret=self._secret)
+ else:
+ cookies = Cookie.get_cookies(req)
- if cookies.has_key(session_cookie_name):
- self._sid = cookies[session_cookie_name].value
+ if cookies.has_key(session_cookie_name):
+ self._sid = cookies[session_cookie_name].value
if self._sid:
# Validate the sid *before* locking the session
@@ -171,7 +173,8 @@
if self._sid: self.unlock() # unlock old sid
self._sid = _new_sid(self._req)
self.lock() # lock new sid
- Cookie.add_cookie(self._req, self.make_cookie())
+ if session_cookie_generation:
+ Cookie.add_cookie(self._req, self.make_cookie())
self._created = time.time()
if timeout:
self._timeout = timeout
Re: cookies generation by session, patch
Posted by Graham Dumpleton <gr...@dscpl.com.au>.
Now can you explain why one would want to do this?
Unless you provide some justification of why it is necessary it is
less likely
to be accepted as although the reasons may be obvious to you, it may not
be to us. There also may be better ways of achieving the same end.
Also, describe why this would be better than simply deleting the cookie
that is being created from the outgoing headers.
del req.headers_out["Set-Cookie"]
Graham
On 21/03/2006, at 7:39 PM, Stanislav Ershov wrote:
> Hi,
> I wrote a simple patch for 'Session.py'. Patch adds possibility to
> disable cookies generation by session. And it's optional.
>
> By default cookies generation enabled.
> Add Apache directive 'Python Option sessin_cookie_generation 0' for
> disabling.
>
> --- mod_python-3.2.8.orig/lib/python/mod_python/Session.py Mon Feb
> 20 00:51:18 2006
> +++ mod_python-3.2.8/lib/python/mod_python/Session.py Tue Mar 21
> 09:50:46 2006
> @@ -138,17 +138,19 @@
> dict.__init__(self)
>
> session_cookie_name = req.get_options().get
> ("session_cookie_name",COOKIE_NAME)
> + session_cookie_generation = int(req.get_options().get
> ("session_cookie_generation",1))
>
> if not self._sid:
> - # check to see if cookie exists
> - if secret:
> - cookies = Cookie.get_cookies(req,
> Class=Cookie.SignedCookie,
> - secret=self._secret)
> - else:
> - cookies = Cookie.get_cookies(req)
> + if session_cookie_generation:
> + # check to see if cookie exists
> + if secret:
> + cookies = Cookie.get_cookies(req,
> Class=Cookie.SignedCookie,
> + secret=self._secret)
> + else:
> + cookies = Cookie.get_cookies(req)
>
> - if cookies.has_key(session_cookie_name):
> - self._sid = cookies[session_cookie_name].value
> + if cookies.has_key(session_cookie_name):
> + self._sid = cookies[session_cookie_name].value
>
> if self._sid:
> # Validate the sid *before* locking the session
> @@ -171,7 +173,8 @@
> if self._sid: self.unlock() # unlock old sid
> self._sid = _new_sid(self._req)
> self.lock() # lock new sid
> - Cookie.add_cookie(self._req, self.make_cookie())
> + if session_cookie_generation:
> + Cookie.add_cookie(self._req, self.make_cookie())
> self._created = time.time()
> if timeout:
> self._timeout = timeout