web.py

Session cookie is not persistent

Bug #305360 reported by Juan Pablo Scaletti
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
web.py
New
Undecided
Unassigned

Bug Description

Sometimes it would be useful to have a "remember me" option.
This patch allows to specify the persistance of the session cookie per-user.

Eg.:

--- a/web/session.py
+++ b/web/session.py
@@ -105,7 +105,10 @@ class Session(utils.ThreadedDict):
         cookie_name = self._config.cookie_name
         cookie_domain = self._config.cookie_domain
         if not self.get('_killed'):
- web.setcookie(cookie_name, self.session_id, domain=cookie_domain)
+ if self.get('persistent', False):
+ web.setcookie(cookie_name, self.session_id, expires=self._config.timeout, domain=cookie_domain)
+ else:
+ web.setcookie(cookie_name, self.session_id, domain=cookie_domai
             self.store[self.session_id] = dict(self)
         else:
             web.setcookie(cookie_name, self.session_id, expires=-1, domain=cook

Tags: session
Revision history for this message
Juan Pablo Scaletti (juanpablo-scaletti) wrote :
Revision history for this message
Chris Hager (chris-linuxuser) wrote :

Thanks for this patch! Persistent sessions is something most people will want to have.

Why is it not in the main repository? I think it's rather inconvenient to have to patch your web.py install to do that quite important thing.

Finally, here's how to use the persistent sessions:

1. Apply patch
2. Inside the handler class where you setup the user's session, just add "session.persistent = True"

Revision history for this message
Anand Chitipothu (anandology) wrote :

what will happen if the session at the server is cleaned up after the timeout?

Revision history for this message
drx (drx) wrote :

Anand, I do not understand the problem. If the session cookie is destroyed at a certain point in time, and the server at the same point in time is destroying the session data, what can go wrong?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.