On Wed, Sep 17, 2014 at 9:06 PM, Bert JW Regeer <[email protected]> wrote:
> Don’t tie it to the client's IP, you will come to regret it when your clients
> end up talking IPv6 with privacy addresses that change, or if they move from
> work to home with a laptop for instance, or are behind a corporate proxy that
> does load balancing across different outgoing IPs (I ran into this recently
> … that was a lot of fun!)

I thought you were supposed to tie it to the IP to prevent somebody else on a different IP from hijacking the session. Or is that obsolete advice now that mobile devices tend to switch networks without quitting the browser?

> If you take my existing code... you’d be able to do what you proposed fairly
> easily.

It would be great if I can do that. You offered it before and I looked at 'pyramid_pluggable_sessions', but again it looked like serializing to strings was tightly wired to the core, and spanning several parts of the code and call-stack levels. Also, it doesn't have a Redis backend at all, so I'd have to write that.

BTW, another complaint about 'pyramid_redis_sessions' is that it wants to create its own Redis connection from the settings, even if you'd rather share an existing connection from 'pyramid_redis' that you're using for other things. The only concession to this is a generic callback function that you could write it in.
