Now that I have some time, I'll explain why I want your reasoning. I didn't have the time when I sent original email.
The only reason I can think of for Session not to generate a cookie is because the SID is being extracted from the URL or is being passed by some mechanism other than as a cookie. In this case the SID would need to be supplied explicitly when the Session object is being created: session = Session(req, sid=value) When a SID is supplied in this way, the Session object does not attempt to parse any cookies to get it. if not self._sid: # check to see if cookie exists if secret: cookies = Cookie.get_cookies(req, Class=Cookie.SignedCookie, secret=self._secret) else: cookies = Cookie.get_cookies(req) if cookies.has_key(session_cookie_name): self._sid = cookies[session_cookie_name].value Ie. only uses cookies to get it when self._sid evaluates False. Since if not using cookies but supplying the SID, the fact that this happens means that the change: > > if not self._sid: > > - # check to see if cookie exists > > - if secret: > > - cookies = Cookie.get_cookies(req, > > Class=Cookie.SignedCookie, > > - secret=self._secret) > > - else: > > - cookies = Cookie.get_cookies(req) > > + if session_cookie_generation: > > + # check to see if cookie exists > > + if secret: > > + cookies = Cookie.get_cookies(req, > > Class=Cookie.SignedCookie, > > + secret=self._secret) > > + else: > > + cookies = Cookie.get_cookies(req) is possibly redundant. I can't see any sense why if not supplying the SID that you would want to stop it reading the cookies as it probably wouldn't be useful. In respect of writing out a cookie, it could be argued that if you were supplying your own SID that it shouldn't assume that it should write the cookie. In that case though, rather than: > > - Cookie.add_cookie(self._req, self.make_cookie()) > > + if session_cookie_generation: > > + Cookie.add_cookie(self._req, self.make_cookie()) it possibly should be: if not sid: Cookie.add_cookie(self._req, self.make_cookie()) In other words, don't write out cookie if SID was supplied as input parameter. Thus, there wouldn't need to be a reason for a specific Python option to disable writing of cookie. So, can you explain what the original problem is you are trying to solve. On first appearances, your solution would seem to be going about it the wrong way. A question for others. Would it be reasonable that a cookie is not written out if SID was supplied explicitly? Graham Graham Dumpleton wrote .. > Now can you explain why one would want to do this? > > Unless you provide some justification of why it is necessary it is > less likely > to be accepted as although the reasons may be obvious to you, it may not > be to us. There also may be better ways of achieving the same end. > > Also, describe why this would be better than simply deleting the cookie > that is being created from the outgoing headers. > > del req.headers_out["Set-Cookie"] > > Graham > > On 21/03/2006, at 7:39 PM, Stanislav Ershov wrote: > > > Hi, > > I wrote a simple patch for 'Session.py'. Patch adds possibility to > > disable cookies generation by session. And it's optional. > > > > By default cookies generation enabled. > > Add Apache directive 'Python Option sessin_cookie_generation 0' for > > disabling. > > > > --- mod_python-3.2.8.orig/lib/python/mod_python/Session.py Mon Feb > > 20 00:51:18 2006 > > +++ mod_python-3.2.8/lib/python/mod_python/Session.py Tue Mar 21 > > 09:50:46 2006 > > @@ -138,17 +138,19 @@ > > dict.__init__(self) > > > > session_cookie_name = req.get_options().get > > ("session_cookie_name",COOKIE_NAME) > > + session_cookie_generation = int(req.get_options().get > > ("session_cookie_generation",1)) > > > > if not self._sid: > > - # check to see if cookie exists > > - if secret: > > - cookies = Cookie.get_cookies(req, > > Class=Cookie.SignedCookie, > > - secret=self._secret) > > - else: > > - cookies = Cookie.get_cookies(req) > > + if session_cookie_generation: > > + # check to see if cookie exists > > + if secret: > > + cookies = Cookie.get_cookies(req, > > Class=Cookie.SignedCookie, > > + secret=self._secret) > > + else: > > + cookies = Cookie.get_cookies(req) > > > > - if cookies.has_key(session_cookie_name): > > - self._sid = cookies[session_cookie_name].value > > + if cookies.has_key(session_cookie_name): > > + self._sid = cookies[session_cookie_name].value > > > > if self._sid: > > # Validate the sid *before* locking the session > > @@ -171,7 +173,8 @@ > > if self._sid: self.unlock() # unlock old sid > > self._sid = _new_sid(self._req) > > self.lock() # lock new sid > > - Cookie.add_cookie(self._req, self.make_cookie()) > > + if session_cookie_generation: > > + Cookie.add_cookie(self._req, self.make_cookie()) > > self._created = time.time() > > if timeout: > > self._timeout = timeout