Re: cookies generation by session, patch

Tue, 21 Mar 2006 02:05:09 -0800 

Now can you explain why one would want to do this?
Unless you provide some justification of why it is necessary it is less likely 
to be accepted as although the reasons may be obvious to you, it may not
be to us. There also may be better ways of achieving the same end.

Also, describe why this would be better than simply deleting the cookie
that is being created from the outgoing headers.

  del req.headers_out["Set-Cookie"]

Graham

On 21/03/2006, at 7:39 PM, Stanislav Ershov wrote:


Hi,
I wrote a simple patch for 'Session.py'. Patch adds possibility to disable cookies generation by session. And it's optional. 

By default cookies generation enabled.
Add Apache directive 'Python Option sessin_cookie_generation 0' for disabling.
--- mod_python-3.2.8.orig/lib/python/mod_python/Session.py Mon Feb 20 00:51:18 2006 +++ mod_python-3.2.8/lib/python/mod_python/Session.py Tue Mar 21 09:50:46 2006 
@@ -138,17 +138,19 @@
         dict.__init__(self)
session_cookie_name = req.get_options().get ("session_cookie_name",COOKIE_NAME) + session_cookie_generation = int(req.get_options().get ("session_cookie_generation",1)) 

         if not self._sid:
-            # check to see if cookie exists
-            if secret:
- cookies = Cookie.get_cookies(req, Class=Cookie.SignedCookie, 
-                                             secret=self._secret)
-            else:
-                cookies = Cookie.get_cookies(req)
+            if session_cookie_generation:
+                # check to see if cookie exists
+                if secret:
+ cookies = Cookie.get_cookies(req, Class=Cookie.SignedCookie, 
+                                                 secret=self._secret)
+               else:
+                    cookies = Cookie.get_cookies(req)

-            if cookies.has_key(session_cookie_name):
-                self._sid = cookies[session_cookie_name].value
+                if cookies.has_key(session_cookie_name):
+                    self._sid = cookies[session_cookie_name].value

         if self._sid:
             # Validate the sid *before* locking the session
@@ -171,7 +173,8 @@
             if self._sid: self.unlock() # unlock old sid
             self._sid = _new_sid(self._req)
             self.lock()                 # lock new sid
-            Cookie.add_cookie(self._req, self.make_cookie())
+            if session_cookie_generation:
+                Cookie.add_cookie(self._req, self.make_cookie())
             self._created = time.time()
             if timeout:
                 self._timeout = timeout

Reply via email to