[EMAIL PROTECTED] wrote: > Jeff, > > I'm wondering what leads you to say this, since this isn't the case > with any cookies or browsers in my experience. The fact that > clear_cookie() in visit.py wouldn't work if this were the case makes me > think I must be misunderstanding you. > > On the main subject of the thread, my opinion is that hitting the db 2 > or 3 times per request for visit tracking alone is neither necessary > nor ok, *especially* not as a feature that is on by default. You can do > exactly what the current visit module does without touching the db at > all, with all data in the cookie -- and even do it pretty securely. > Just put the visitor id (a guid, you'll have to calculate it from the > time + the ip of the host + a random number, all hashed -- see for > example: > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/213761), the > expiration time, and hash of those two plus a secret string into the > cookie. On each request, split them, check the hash, and if it's valid, > increment the expiration time, and resend the cookie. > > I can post a short sample implementation (of that principle, not a of a > whole visit tracking system!) to the list if anyone is interested. >
I'm not an expert but I agree that hitting the DB so frequently seems unnecessary to me. This also seems the problem with the slowness of the identity system: http://tinyurl.com/87bg9 Ciao Michele
