On Apr 3, 8:23 pm, mrts <[EMAIL PROTECTED]> wrote: > > After reading through these, I think most of these can be satisfied > > with the proper session backend. Why not write a "secure" session > > backend? (You would presumably also need to require signed cookies for > > the session.) I would be interested to see what it would look like. > > I think a general refactoring is required. Explicit session > destruction and threading should be supported by all backends. Looks > like sessions are the only bit that may pose problems when running > Django under threaded WSGI, quoting Graham Dumpleton > fromhttp://code.google.com/p/modwsgi/wiki/IntegrationWithDjango: > > "If any area of Django does give problems it may be its support for > sessions. This is because Django does not implement any form of global > session locking. That this is lacking though should by rights also > cause problems with multi process server configurations as well as > multithreaded servers. It may be the case though that problems may > more readily occur in a multithreaded server, especially in AJAX heavy > applications which execute many concurrent requests which require use > of sessions." > > Is this correct or are there any other modules that are not thread- > safe?
For some context of why I came out and said that, read: http://groups.google.com/group/django-users/browse_frm/thread/a7d42475b66530bd What I say may not be totally correct, but the comment (which was correcting my assumption): """As can be seen from the code in django/contrib/sessions/middleware.py and models.py, we don't do any cross-thread or cross-process locking when creating a session instance. Maybe we well should be doing something like that for people who want to do simultaneous updates -- as might happen in an AJAX driven site -- but, right now, we do not. """ was enough for me to at least highlight it as something to watch out for. Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
