I don't use sessions enough to comment on whether this is an appropriate
change for mod_python or not, but I would suggest that you log an
enhancement request at:
http://issues.apache.org/jira/browse/MODPYTHON?report=select
This will ensure any request is not overlooked. It is also preferred
that
you supply context diffs against code and that such diffs preferably be
against the most recent code base found in subversion repository:
https://svn.apache.org/repos/asf/httpd/mod_python/trunk/
Graham
On 08/09/2005, at 7:57 PM, Maciej Dems wrote:
Hello,
I would like to point to some simple bug in session handling. The
problem
occurs when you want to have persistens sessions, i.e. the ones which
will stay after the user close the browser window (this is useful for
example if you want to let him stay logged-on). For this reason it is
necessary to set the expire value to session cookie other than zero
(which is the case now).
There are the simple solutions in mod_python/Session.py
In BaseSession.__init__:
if self._new:
# make a new session
if self._sid: self.unlock() # unlock old sid
self._sid = _new_sid(self._req)
self.lock() # lock new sid
if timeout:
self._timeout = timeout
else:
self._timeout = DFT_TIMEOUT
self._created = time.time()
Cookie.add_cookie(self._req, self.make_cookie())
(generally put add_cookie to an end)
and in BaseSession make_cookie:
if self._secret:
c = Cookie.SignedCookie(COOKIE_NAME, self._sid,
secret=self._secret,
expires=self._created+self._timeout+3600)
else:
c = Cookie.Cookie(COOKIE_NAME, self._sid,
expires=self._created+self._timeout+3600)
(add expires parameter; +3600 is for the case of the user clock set up
wrongly).
I hope you will correct the case in future versions of mod_python
