session management
Ajay Brar
abra9823 at mail.usyd.edu.au
Sun Aug 8 00:02:14 EDT 2004
hi!
I am trying to implement session management similar to what PHP does by
having a temp file with session information and storing the
filename(which is just a random string) as a cookie on the client side.
if the client logs out, i can destroy the file and the cookie but my
question is what happens when the client does not log out? what if he
simply leaves the website? i can put a timer on the cookie, but how do i
cleanup the temp files.
also, is there some python package that already does this and does not
require any configuration on the webserver (i dont have access to config
the webserver).
and how secure would such a mechanism be? the user enters their username
and password and i compare the hash of both the username and password
with values stored in an encrypted file. if the comparison is successful
i create the session. is this a reasonably secure scheme? does anyone
see any problems with this
thanks
cheers
--
Ajay Brar
CS Honours 2004
Smart Internet Technology Research Group
http://www.it.usyd.edu.au/~abrar1
More information about the Python-list
mailing list