Inserting cookies into a web session

John Gordon gordon at panix.com
Thu Jul 24 11:24:16 EDT 2008


In <t8lll5-4ue.ln1 at nb2.stroeder.com> =?ISO-8859-1?Q?Michael_Str=F6der?= <michael at stroeder.com> writes:

> John Gordon wrote:
> > I'm developing a web application that needs a semi-persistent way to
> > store information.
> > 
> > I've looked at some options such as writing entries to a database table
> > or creating small textfiles, but I'm not thrilled with anything I've come
> > up with so far.

> What's the problem?

The problem is databases and textfiles are too heavyweight.  I only need
the information for the duration of a session; I don't want to have to worry
about cleaning up the database or textfile afterwards.

To explain my requirements a bit more, I'm writing a web-based contact
manager application.  The basic contact unit is a person, and I'm currently
working on the page layout for displaying information relating to a person.

The top section of the page is always the same: it shows your personal
information.  Name, userid, title, etc.

But the bottom section of the page can change; it shows one of several
different kinds of information.  It can either display your home and office
address, or it can show all the ways you can be contacted (phone, email,
pager, etc), or it can show the times during which you wish to be contacted.

(I didn't choose this layout; it was all done and approved before I joined
the project.  I just have to implement it.)

My problem is if the user goes to the top portion of the page and changes
some of the information there, for example he wants to change his title,
that information is self-contained in a form and knows nothing about the
choice the user made of what to show at the bottom of the page.

Of course, I could add the choice as a hidden form element at the top of
the page.  But that seems kludgy -- that form *shouldn't* have to know.
And the page layout isn't as simple as I've described here; there are
actually lots of these little self-contained forms that are unrelated to
the information at the bottom of the page, and I'd rather not have to
add a hidden element to all of them.

Using a cookie seems like an ideal solution.  When the session starts,
I can set the choice to the default setting of "address", and if the user
ever clicks on "show me my contact methods" or "show me my times", I just
set the cookie to that choice.  I don't have to worry about passing the
choice around in each of the dozen or so forms that are on the page.

> Before using cookies keep in mind that the cookies returned by the 
> browser are not trustworthy! You have to validate the values each time.

I'm not sure it's worth the trouble in my case.  I won't be depending on
the cookie for sensitive information; I'm just using it as a stored setting
for which kind of information to display on the page.

> http://docs.python.org/lib/module-Cookie.html

That looks great!

> Ciao, Michael.

Thanks Michael.  :-)

-- 
John Gordon                   A is for Amy, who fell down the stairs
gordon at panix.com              B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"




More information about the Python-list mailing list