[Twisted-Python] Sessions and URLs
Edmund Dengler
edmundd at eSentire.com
Sat Aug 9 12:45:30 EDT 2003
Hi all!
Dug into the library. It looks like woven.guard.SessionWrapper is setup
to return a child EVEN IF YOU DO NOT HAVE A SESSION!!.
Basically. the code structure of getChild() looks like (I could be wrong
in my understanding, so please correct if I am making a mistake):
some setup stuff
if we have a session key as the next bit in the path
...
if the key matches the cookie
we have cookies enabled, get rid of the embedded key
...
else (cookies are disabled, keep the key)
...
elif we have a cookie from the browser
...
elif we are explicitely calling "session-init"
...
else (we do not have a cookie anywhere)
return the child anyways!!!
So, the code is structured such that a cookie is not available, the normal
children still get returned. Is this suppose to be how it works? Should
this be changed so that a flag is available for "force session"? Or should
a session always be forced (no option)?
Should we have a pattern such as "session-name:cookie" so we can do a
pattern match for old sessions no longer cached (and force a new session)?
Regards!
Ed
More information about the Twisted-Python
mailing list