[Twisted-web] nevow + cookieless sessions

Mike Warren spam at mike-warren.com
Fri Jun 25 19:54:05 MDT 2004

Christopher Armstrong <radix at twistedmatrix.com> writes:
> Mike Warren wrote:

> > I'm not entirely sure where to look for problems. I would have
> > expected Nevow to re-write href attributes to be something like
> > /__session_key__BAR/foo from /foo, but that's not happening.  Any
> > guidance or suggestions for things I should look into?

> Rewriting is way too problematic. This form of session management is
> only compatible with relative links. Just use relative links instead
> of absolute ones.

Is there a way to turn it off, besides overriding the locateChild
method is nevow.guard.SessionWrapper? In my case, re-writing the URLs
myself is going to be about the same amount of work as writing
relative URLs, so I'd rather do the former or neither (and just make
users turn on cookies or not interact).

What exactly are the problems with re-writing? I tried some quick
hackery in nevow.flat.flatstan near line 110 to look for an "href" key
and then check that the resulting serialized value started with the
appropriate magic if it started with '/', but neither the request nor
session is "remembered" in the context I get; is this the "way too
problematic" bit? (I don't know quite how the remembering/flattening

It would be preferable to just have a "please turn on cookies if you
want to do ``X''" page; I would like to keep site-customisation sorts
of things in the session (rather than, for example, cookies) but the
way the session_key code works right now, a user with blocked cookies
will be generating a new session for every request they make; I'd
rather have just one "anonymous" session which wouldn't be mutable
(i.e. it would always be filled with the defaults which would be
generated by creating a new session).

To that end, would anyone else find a "default session if no cookies"
bit of code useful? (Obviously, one could then determine if the user
was a "no-cookies" user by seeing if their session is the same as the
"no-cookies" session).


mike [at] mike [dash] warren [dot] com
gpg --keyserver --recv-key 579911BD
87F2 4D98 BDB0 0E90 EE2A 0CF9 1087 0884 5799 11BD

More information about the Twisted-web mailing list