> After reading through these, I think most of these can be satisfied > with the proper session backend. Why not write a "secure" session > backend? (You would presumably also need to require signed cookies for > the session.) I would be interested to see what it would look like.
I think a general refactoring is required. Explicit session destruction and threading should be supported by all backends. Looks like sessions are the only bit that may pose problems when running Django under threaded WSGI, quoting Graham Dumpleton from http://code.google.com/p/modwsgi/wiki/IntegrationWithDjango: "If any area of Django does give problems it may be its support for sessions. This is because Django does not implement any form of global session locking. That this is lacking though should by rights also cause problems with multi process server configurations as well as multithreaded servers. It may be the case though that problems may more readily occur in a multithreaded server, especially in AJAX heavy applications which execute many concurrent requests which require use of sessions." Is this correct or are there any other modules that are not thread- safe? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
