Jeff Watkins wrote:
> Once you've sent the cookie, you can't update it. Therefore, when the
> expiration time set in the original cookie is up, the cookie dies,
> and your visit is up. It doesn't matter how many requests you've made
> recently.

Jeff,

I'm wondering what leads you to say this, since this isn't the case
with any cookies or browsers in my experience. The fact that
clear_cookie() in visit.py wouldn't work if this were the case makes me
think I must be misunderstanding you.

On the main subject of the thread, my opinion is that hitting the db 2
or 3 times per request for visit tracking alone is neither necessary
nor ok, *especially* not as a feature that is on by default. You can do
exactly what the current visit module does without touching the db at
all, with all data in the cookie -- and even do it pretty securely.
Just put the visitor id (a guid, you'll have to calculate it from the
time + the ip of the host + a random number, all hashed -- see for
example:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/213761), the
expiration time, and hash of those two plus a secret string into the
cookie. On each request, split them, check the hash, and if it's valid,
increment the expiration time, and resend the cookie.

I can post a short sample implementation (of that principle, not of a
whole visit tracking system!) to the list if anyone is interested.

JP
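
A sketch of the scheme described in the message above, as an added example that is not part of the original post or of the visit module it discusses. It uses HMAC-SHA256 in place of a plain hash of the values plus the secret, and a random token in place of the time/IP/random guid; `SECRET`, `TIMEOUT`, `issue` and `refresh` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side secret, never sent to clients
TIMEOUT = 20 * 60                    # assumption: 20-minute sliding visit window


def _sign(visit_id, expires):
    # The MAC covers both fields, so neither can be changed without the secret.
    msg = f"{visit_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue(visit_id=None, now=None):
    """Build the cookie value 'visit_id|expires|mac'."""
    now = int(time.time() if now is None else now)
    visit_id = visit_id or secrets.token_hex(16)
    expires = now + TIMEOUT
    return f"{visit_id}|{expires}|{_sign(visit_id, expires)}"


def refresh(cookie, now=None):
    """Verify an incoming cookie; return (visit_id, new_cookie) or None."""
    now = int(time.time() if now is None else now)
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    visit_id, expires_s, mac = parts
    # Check the MAC over the raw fields before trusting either of them.
    expected = _sign(visit_id, expires_s)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if not (expires_s.isascii() and expires_s.isdigit()):
        return None
    if int(expires_s) < now:
        return None  # visit timed out; caller starts a new one with issue()
    # Valid: resend the same visit id with the expiration pushed forward.
    return visit_id, issue(visit_id, now)
```

Because no state is kept on the server, a visit cannot be revoked before its expiration time, and the cookie contents are integrity-protected but readable by the client.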
