Hello,
I would like to point to some simple bug in session handling. The problem
occurs when you want to have persistens sessions, i.e. the ones which
will stay after the user close the browser window (this is useful for
example if you want to let him stay logged-on). For this reason it is
necessary to set the expire value to session cookie other than zero
(which is the case now).
There are the simple solutions in mod_python/Session.py
In BaseSession.__init__:
if self._new:
# make a new session
if self._sid: self.unlock() # unlock old sid
self._sid = _new_sid(self._req)
self.lock() # lock new sid
if timeout:
self._timeout = timeout
else:
self._timeout = DFT_TIMEOUT
self._created = time.time()
Cookie.add_cookie(self._req, self.make_cookie())
(generally put add_cookie to an end)
and in BaseSession make_cookie:
if self._secret:
c = Cookie.SignedCookie(COOKIE_NAME, self._sid,
secret=self._secret,
expires=self._created+self._timeout+3600)
else:
c = Cookie.Cookie(COOKIE_NAME, self._sid,
expires=self._created+self._timeout+3600)
(add expires parameter; +3600 is for the case of the user clock set up
wrongly).
I hope you will correct the case in future versions of mod_python
Yours, faithfully
Maciej Dems
--
M.Sc. Maciej Dems [EMAIL PROTECTED]
-----------------------------------------------------
C o m p u t e r P h y s i c s L a b o r a t o r y
Institute of Physics, Technical University of Lodz
ul. Wolczanska 219, 93-005 Lodz, Poland, +48426313649
