The state is saved via a cookie that is a token the library keys off of. If
you haven't changed the default settings then you should have a cookie in
your browser named something like gaeutilities-session.
If IE is configured to not accept cookies from the domain you are testing,
then that
The security is the rotating session token.
It works basically like this. A session token is valid for x seconds, and
then a backlog of x tokens are considered valid. The reason that multiple
tokens are valid is to support sites using ajax requests which may have
request/response out of
The purpose of restricting logins to one session is to avoid session
hijacking. gaeutilities has features that help your site avoid session
hijacking which have been made even easier with tools like Firesheep -
http://codebutler.com/firesheep
Since (as of last I checked) you can't use ssl when
Can the contacts for gaeutiltities, top project, be changed to
bowman.jos...@gmail.com? the link there is to the old google code
hosted project, which I believe is causing some confusion as I've
moved it to github.
--
You received this message because you are subscribed to the Google Groups
Hi I just found this thread...
I've gone ahead and filed an issue with a suggested fix for the
gaeutilities project on github. I'm pretty behind on getting stuff in
for that project, I'm not using appengine a lot at the moment. I'll
try to get to it when i can, of if someone is feeling fiesty
After creating the ROTModel (retry on timeout Model) for gaeutiltiies,
I learned the functionality I implemented was actually put into the
base datastore API. If a write failed, it retries the write a few
times before raising the Timeout exception if it continues to fail. In
the trunk for
Hello,
The past several planned and unplanned outages where the datastore has
been readonly, has also had the memcache made unavailable for at least
part of the duration.
I'd been working on the python session class, expanding it to allow
for periods where the datastore was read only, but
Does this exception just mean the datastore is down, or that both the
datastore and memcache are down? The current svn for gaeutilities is
written so it can catch datastore write failures, and fallback to
memcache, syncing back when it can write to the datastore again for
both session and class.
Not much new in this release. There was an issue where entities with
empty sid values were getting created along with valid new sessions,
this bug has been fixed.
cache has also been expanded to have a has_key() method.
Work has begun on a pagination library for gaeutilities, more
information can
I'm hoping to get a release out tonight to fix a bug in the current
version 1.1.3. Unfortunately I haven't had access to sit down and work
out the fix and release until this evening, and even then I'm not sure
I'll have time. As such, for anyone using the library, and
encountering the problem
http://gaeutilities.appspot.com/
Version 1.2 of gaeutilities is now available. This release includes
and important bugfix for session deletion and is recommended for all
users. This release also introduces new functionality for session, the
ability to set the writer. The options are datastore
Awesome, can't wait to try it out!
On Feb 10, 7:39 am, Waldemar Kornewald wkornew...@gmail.com wrote:
Hi everyone,
please grab our new app-engine-patch 1.0beta release. Major new
features: support for Django's admin interface, the media generator
(combines and compresses your JS/CSS files
This release is primarily a bugfix release.
- session: bugfix to handle str() and len() methods when there is no
session data. Issue #12
- session: delete_all_sessions changed to a class method. Issue #14
(NOTE: delete_all_sessions is not complete)
- session: Modified session token to include
Sorry, forgot the url
http://gaeutilities.appspot.com
On Feb 8, 1:51 am, bowman.jos...@gmail.com bowman.jos...@gmail.com
wrote:
This release is primarily a bugfix release.
- session: bugfix to handle str() and len() methods when there is no
session data. Issue #12
- session
I learned python in order to use appengine. Though if you're already
learning another language for professional reasons (job requirement)
you may be better off waiting until you are comfortable with that
language, or at least until you know what the next release offers.
I've taught myself C,
As a suggestion, the app-engine-patch project is a very nice product.
I'm personally using it, on substituting gaeutiltiies sessions and
cache, with very good results on my primary project. Being able to
take advantage of Django's backends had me authenticating accoutns
through Google (OpenID)
Sessions provide you with a way to store information about the current
site visitor across requests. It's the foundation for an
authentication system, but does not actually provide.
What you would need to do is store within the session that the user is
logged in. In most cases it would work
Well to answer your question, you'd need to regenerate your index, or
build it in such a way as items can be removed from it.
My approach to paging was this. I determined for my product I didn't
need to offer more than 100 items in a set.
When the system that needs paging is first hit, I pull
I've started work on version 1.1.3 of gaeutilities which is going to
add a flag to not save new sessions by default, as well as adding a
save method. I've got the first bit of functionality live on a site
that every hour has a script that connects and adds anywhere from
80-150 items to my
reach the same level of scalability.
-Ryan
On Jan 26, 5:21 pm, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
As someone suggested in that thread, I'd suggest you look at Google
Openid. I went this route because it also offers a way for you to
persist your user identity if you
gaeutilities - http://gaeutilities.appspot.com/ - release 1.1.2 is now
out. It is strongly recommended anyone using the session class upgrade
to this version. 1 critical and 1 important bug is solved in this
release. Also there is a marginal performance increase by being able
to configure how
As someone suggested in that thread, I'd suggest you look at Google
Openid. I went this route because it also offers a way for you to
persist your user identity if you move your domain off of appengine.
On Jan 26, 5:22 pm, Ryan Lamansky spam...@kardax.com wrote:
As a follow-up to this thread
The problems I see what that approach is:
- 1 time token can be sniffed. We have limited ssl support with
appengine which is why the session token client side needs to change.
- Relying on gears, flash, or even javascript creates client side
dependencies. gaeutilities already has a dependency
volatile in the
sense of being either up or down. rather, it throws out stored data
randomly as far as the developer is concerned as load increases.
On Jan 23, 1:37 am, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
By the way, I really am not concerned with analysis attacks. It's
the
cookie domain set correctly for your sessions.
This is something that would make an interesting little project, I
wish I had time for.
On Jan 23, 10:42 pm, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
gaeutilities -http://gaeutilities.appspot.com/- has a session class
built
with their own cookies).
On Jan 21, 8:33 pm, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
Does beaker store all session information as cookies?
I'm just trying to figure out the value in the signed cookie approach,
because if I can figure out a way for it to make sense I would
variable)
if random.randint(1, 100) CLEAN_CHECK_PERCENT:
self._clean_old_sessions()
On Jan 22, 4:38 pm, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I think it's a case of it's been that way for so long I haven't
realized I need to change it. The put on every write
There's been some ongoing discussion about the approach I and others
have been taking to session management in our appengine applications.
I always rank security over performance, but with how heavy datastore
writes are, this can be problematic and eventually expensive for
applications.
I've
that :\ ... The advantage
would be you're only updating a single datastore entity every
session_token_ttl.
On Jan 22, 9:24 pm, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I've gone with a different approach that currently achieves similar
results, that's now available in the trunk
Does beaker store all session information as cookies?
I'm just trying to figure out the value in the signed cookie approach,
because if I can figure out a way for it to make sense I would
consider moving gaeutilities to that approach.
gaeutilities stores only a temporary session token in the
http://gaeutilities.appspot.com/
gaeutilities has been upgraded to version 1.1.1, this is a suggested
upgrade for all developers using the libraries. This release includes
some performance optimizations, bugfixes, and the release of new
ROTModel (Retry on Timeout Model). Please note that pages
Thanks for both links. I think I need to go back over that site. That
page on exceptions was much better than the book I bought.
On Jan 15, 6:28 pm, Alexander Kojevnikov alexan...@kojevnikov.com
wrote:
Oh ok.. so it is possible to catch that. It's datastore.Timeout and
not db.Timeout, right?
I like it. Now lets hope people don't drive poor Alexander and Bill
crazy with questions. :)
On Jan 15, 7:36 pm, boson dan.kam...@gmail.com wrote:
Yay! Both Alexander Bill have been very helpful and knowledgeable.
I'm glad to see the formal recognition and development of the GAE
community.
On Jan 14, 11:11 pm, Alexander Kojevnikov alexan...@kojevnikov.com
wrote:
Is there any way to catch the timeout error specifically? That way it
doesn't bother to retry if something else is the problem.
Sure, just replace except with except db.Timeout
Oh ok.. so it is possible to catch
I have the basics, which are posted below. However, this is where I'm
realizing I'm still very new at learning python. What I'd like to do
it only catch the timeout error for the retries, and at the end of the
retries go ahead and return the timeout error, as if it's failed 3
times, I'm going to
:
try:
return db.Model.put(self)
except:
count += 1
if count == 3:
raise
Cheers,
Alex
--www.muspy.com
On Jan 15, 4:09 am, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I have the basics
I've added issue 982:
http://code.google.com/p/googleappengine/issues/detail?id=982
as an issue to include a possible workaround for the datastore
timeouts.
Here's the text of the issue:
From what I can tell, it's not a case of if you're going to get
datastore
timeouts on puts, but when. My
For the record, I regularly pull 100 entities, that are much smaller
than yours, for my application in order to page through them.
Basically to meet a paging requirement I pull 100, cache that result,
then page within it. I do think they size of your entities are part of
the problem
Though, I
When writing the Cron application for gaeutilities I ran into the need
to ran two instances, as the dev_appserver can't make a request to
itself. All I did was run the second instance on a different port,
didn't have to mess with the address. Mind you, it didn't make a lot
of requests to the
Guys, I think you need to take a step back and look at this from a
higher level.
Appengine supplies you with an instance in a cloud that includes a
customized python set, and a BigTable backend. It does not support
multiple BigTable backends and design wise I doubt it ever will. There
comes a
I've got several blogs scattered around and use none of them, so I
thought I'd post this here and maybe some of the ideas and methods I'm
using might help other developers using appengine.
Let me preface this with, I've come to the conclusion that appengine
is not the right tool for everyjob,
If it's going to make a request each time it needs to calculate next
suggestions, you could quickly hit your requests quota. When doing
Ajax style functionality on your appengine site, it's best to keep in
mind you have a finite amount of requests available to your
application per day.
On Jan 6,
user that does not do
simultanious requests this index-situation does not apply
2009/1/1 bowman.jos...@gmail.com bowman.jos...@gmail.com:
Trying to track down a very inconsistent issue with gaeutilities
session. I don't know enough about the backend to make some guesses,
so am asking
Trying to track down a very inconsistent issue with gaeutilities
session. I don't know enough about the backend to make some guesses,
so am asking.
When I enter an entity into BigTable, is that the only instance that
exists and all front ends that users hit will read that same entity,
or is
I'm not sure if you all changed anything, but this just worked for
me.
On Dec 18, 2:44 pm, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I've been relying on the Kind drop down. The only other difference is
that I'm also working within a Django structure.
I did just do the test
Not sure, the only things I can think of is that I am doing other puts
to another model before that one? And also, I'm using db.Model not
db.Expando.
On Dec 18, 12:37 am, ryan ryanb+appeng...@google.com wrote:
sorry for the trouble, and thanks for the detailed info! we definitely
do want to
I'd try taking my example on as a demo application. Some differences
are
1. You example below you to a put in TestModelB before the
get_or_insert. I believe in my example I found that this would work.
2. Everything in my example is happening in one request, whereas the
shell I believe you're
Ah ha, Ryan, try this (unless I made a typo somewhere, for some reason
Chrome and that textbox don't like each other and I was too lazy to
change browsers). Note how I do the testa.put() and then the
JoeTestB.get_or_insert all in the same box, then I when I go to check
JoeTestB I can't. It looks
relying on the kind drop down? I'm curious to know if this might be
where the difference is.
-Marzia
On Thu, Dec 18, 2008 at 11:26 AM, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I'd try taking my example on as a demo application. Some differences
are
1. You example below
I see nothing wrong with Marzia's response. The move from 0.96 to 1.0
does in fact break things. Having the change made underneath you
without time to prepare and make migration changes will break lots of
peoples applications.
Check out appengine patch. I'm using it and Django 1.0 because of it
I'm noticing on my app, requests where I have multiple puts only
appear to be doing the initial put, and not the following ones. Not
sure if this is the same issue you are running into, but this is new
as the functionality did exist before. Though, it does seem to
possibly be working for other
we look in
to the issues here.
-Marzia
On Wed, Dec 17, 2008 at 5:28 PM, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I'm noticing on my app, requests where I have multiple puts only
appear to be doing the initial put, and not the following ones. Not
sure if this is the same
(goi_test2, testval=get_or_insert
test 2)
return HttpResponse(Test run, check TestModel in data viewer.)
On this test (where I do a put() to get data instantiated in
TestModel2 first), everything works as expected, all data is added.
Hope this helps.
On Dec 17, 8:44 pm, bowman.jos...@gmail.com
thinking about it (as are others) and I will let you
know.
-Marzia
On Wed, Dec 17, 2008 at 6:12 PM, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
ok, I think I found the problem. Looks like get_or_insert is failing
when there are no entities existing for a model.
# Models
to
clear the datastore on your local machine to fix this issue.
-Marzia
On Sat, Dec 13, 2008 at 7:52 AM, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I didn't have much luck with switching to a datetimeproperty using
milliseconds eithers. I also tried handling the value changing
, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
This is actually happening on Linux, not sure if that matters or not.
Clearing the datastore is my only solution to getting it back up on
the SDK currently, but once I run the routine again, it's corrupted
again. I did try converting
if it is just a problem with my code, I'll let this
topic die. Thanks again.
On Dec 15, 3:33 pm, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
Ok great. I'll have to check on the python version, it's whatever
xandros makes available (I haven't gotten rid of the default OS on my
eeepc
I'm trying to make sure a score field I set for articles on my site in
unique, however, I'm running into an issue where my method is
appearing to corrupt my datastore. After I input stories, I can't view
pages, getting a return size too large error, and when I stop and
start the SDK, it won't
:
value = value + 0.001
else:
valid = True
return value
I've filed an issue, #922 -
http://code.google.com/p/googleappengine/issues/detail?id=922
On Dec 13, 10:01 am, bowman.jos...@gmail.com
bowman.jos...@gmail.com wrote:
I'm trying to make sure a score field I set for articles on my
I'm pleased to announce that gaeutilities 1.1 is available. 1.1 is the
developmental branch as work continues to a 2.0 release. These
releases should not be considered stable, and are mainly being put out
there for people who wish to try out the new functionality.
1.1 introduces a new utility,
60 matches
Mail list logo
