http session module
Paul Rubin
phr-n2001d at nightsong.com
Sat Nov 3 02:33:11 EST 2001
Jeff Davis <jdavis at empires.org> writes:
> Can someone reccommend a good http session module? I would
> prefer a stable, fairly scalable session module (one I downloaded just
> used pickle, which seems like it wouldn't work for concurrent access). I
> know there are a couple out there, but the "Vaults of Parnassus" didn't
> have many such modules.
>
> I am planning to use mod_python, so if there is some trick I can
> do with persistant memory, that would also be helpful.
It's not such a simple thing to do with apache. You have to use
a shared memory scheme, or something like "shelve" to store session
info on disk (but you need a concurrent database like Sleepycat dbm
for that).
See
http://mambo.peabody.jhu.edu/omr/omi/source/shm_source/shm.html
for a shared memory module. This is the first thing I'd try if I
wanted to implement sessions.
If you just want a little bit of per-session info, you can put it in
browser cookies and just send it back to the server on every http
request. This is the simplest and most scalable method since it works
seamlessly across load balancers, failover between servers, etc.
Note, Do NOT serialize the session with pickle if you use cookies (it
creates a security hole). Use marshal or some other method instead.
Finally, you could look at some of the fancier application shells,
like Twisted Matrix, to see how they take care of these things.
More information about the Python-list
mailing list