This question already has answers here:
Are global variables thread-safe in Flask? How do I share data between requests?
(4 answers)
Closed 1 year ago.
I used Flask's g variable to store variables. I hosted the app in IIS, the values are not working correct and some time previously edited values were shown.
Then I moved to sessions to hold my data. In my case I should not use database for storing my data.
For each session I have more than 10 variables. Whether it is good to hold the data in session? or storing variables globally across request is good in production environment, if yes, anyone please explain?
Also I would like mention that global declaration of variables not working correct in production environment for me.
I am using flask for a long time and the session approach works great for me. Still, there are some security concerns because you are storing information in your session cookie which is easy to decrypt. If the data are not sensitive like passwords I strongly suggest using session.
Related
Hey this is a more general question.
The first part is just knowing exactly how Global variables work. If multiple users are accessing the server at the same time is a global variable going to be shared across all of the users? or will each user have their own instance of that global variable?
I am aware of sessions and how this is probably the best answer to solve my issue, however, I am currently working with the Django FormWizard and it doesnt seem to have access to request so I am unable to use the sessions. I am not entirely sure how to access request so if anyone knows how to do that I appreciate the help.
Thanks!
Depends on how you deploy your application. Gunicorn for example by default will load every worker process with its own environment, but with --preload it will load app and only after that prefork workers. The second way global variables will be shared, but with a limitation: all shared variables will copy-on-write, so if you try to modify global variable in a worker process, that variable will be copied and you'll modify copy of instance.
Answering your second question. You cannot get request instance from anywhere you want in Django if it's not directly passed into function. Modifying global variables often isn't threadsafe, be aware.
Is this the same as php $_sessions?
Does it use php $_sessions? (edited)
When should I use it?
What are some down sides of using it?
Can or should I use it to store user input and results of forms for later operations?
And is it secure? (edited)
The private temporary storage differs from session storage in very significant ways and it is not intended as a replacement of it.
For logged in users, sessions are completely irrelevant, the data stored in the temporary storage is shared among all sessions of a given user, current and future.
Only for an anonymous user are sessions relevant: should their sessions expire, the contents is not retrievable any more because it is tied to the session ID. But the data is not stored in the session storage for anonymous users either, only the session ID is relevant.
The data expires after a time set on the container parameter called tempstore.expire which has nothing to do with the session cookie lifetime (nor is the latter relevant for logged in users).
There is metadata associated with each piece of data: the owner (either the logged in user id or a session id) and the updated time.
The durability expectations completely differ. Sessions are fundamentally ephemeral. Many places will tie sessions to IP addresses. It is certainly tied to a browser and as such, to a device. As a corollary, if clients can't expect sesssions to last, there's no reason for the server to cling to them heavily: putting the session storage on fast but less durable storage (say, memcached etc) is a completely valid speedup strategy. However, the private temporary storage is durable -- within expire, of course. A typical thing to store in a session is a "flash" message -- the one you set with drupal_set_message. If you set one such and then the session gets lost, oh well. Yeah, informing the user would've been nice but oh well. I certainly wouldn't expect to see a flash message follow me across browsers and devices.
In theory, a typical thing to store in the private temp storage would be a shopping cart. In practice, this is not done because a) carts, if not for the end user but for the back office are valuable, not temporary data b) when a user logs in, their session data is migrated but their private temp storage is not. WHether this is a bug is debateable, at the time of this writeup I can't find a core issue about this. This is a possible downside. So a Views UI like complex edit is one possible use case but note the Views UI itself uses the shared temporary storage facility, not the private one. In fact, the only usage I can find are node previews.
Here a very good articles about Storing Session Data with Drupal 8.
It cover exactly all your questions & more !
Take a look at it, the author give you also a lot of other links to help you.
Here a short summary:
1. Is this the same as php $_sessions?
Roughly equivalent. But (and it's an important but) using Drupal 8 services provides needed abstraction and structure for interacting with a global construct. It's part of an overall architecture that allows developers to build and extend complex applications sustainably.
2. When should I use it?
In past versions of Drupal, I might have just thrown the data in $_SESSION. In Drupal 8 there's a service for that; actually, two services: use user.private_tempstore and user.shared_tempstore for temporarily storing user-specific and non-user-specific data, respectively.
3. What are some down sides of using it?
Knowing POO.
4. Can or should I use it to store user input in forms for later operations?
Should.
Hello everyone,
Does anyone know what is the difference between Storage and LocalStorage of Ionic2 ? I am not very clear when reading it. Please kindly explain me.
Thanks in advance.
There is a nice short description at the Ionic documentation
Basically localStorage is a browser owned key/value system.
You can store up to 5Mb depending on the platform. However the OS you are running your app under can decide to delete its content if your app is on the background and OS needs memory.
The Storage plugin will try to use permanent storage such SQLite. Therefore your data lives as long as your app is installed.
So details that need to be persisted such as first launch flag or authentication token and so on, need to go under Storage, where you can decide to store some recurrent data you get from the server at localStorage..
https://stackoverflow.com/a/19869560/6642869
you may refer to this , and this might clear your doubt.
In a nutshell...
LOCAL STORAGE
For example you have an app, and as you launch it, you make an sql query and retrieve all its data on your phone and then you use that data within your application and it will be displayed to the user via local storage. This will help user to see data when you are without internet until the time the user does something that will clear the data from your phone (suppose if you logout, your local DB will be cleared). Until the user logs out or clear app data, he can see the data even without internet but will not be able to make any updations
STORAGE:
For example you launch your application, and then as you fetch the data it is stored by you in a global array (in terms of ionic 2), then you display that data on your page from your local array. The difference here is, as you are fetching details from the server your global array is getting filled and then you can make activities in your application for example you like a post, the like will be reflected at the same instant and server end communication will take place from background with no worry of reloading the app again and again. But once you exit from your app the global array will be cleared. So no data will be visible without internet.
Briefly we can say like storage in ionic 2 works dynamically and make our data fetching and posting quick where as for local storage it helps you look at the content even in offline mode.
Apart from what's mentioned above:
localStorage is synchronous and the ionic Storage is asynchronous.
In my case using localStorage was more convenient because I had to synchronously receive stored data.
Hi I'm writing a web application using Django. I'm still learning the framework and reading the howto book. I know I might be asking this question prematurely however i'd really like to know. I want to create a python data structure in memory that is shared across all the sessions. What would be the best and most scalable way to perform this. So far I have read about redis however I would like to more flexibility and understand redis can only store strings instead of python objects..
This post is partially close to what you want (excluding the java part and the later update on the post). The summary of the answer is that django is a muti-process environment, and thus sharing objects across sessions is not feasible. One option is to use the database for storing such shared objects.
We have two ColdFusion applications that share a common database. There are three instances of each application. (One instance of each application runs on each of three servers.)
I can see that the three instances of a given application should share a client variable store. (Load-balancing can cause a single user session to bounce between the three instances.) My question is: Is there any danger to having all instances of both applications share the same data store? Or should only one application be pointing at a given data store?
You can use the same client data store. The CDATA table has an 'app' column that stores the coldfusion application name. That column will keep your data unique to each application.
I'm working at an enterprise level ColdFusion shop with multiple CF applications running on the same server that are all pointed at the same client variable store. The only concern within the organization is how the client variable store affects regular backups, and that falls under the data team's purview. We don't have any problems with the different apps actually using the same client variable storage.
Related, from the ColdFusion documentation:
Some browsers allow only 20 cookies to
be set from a particular host.
ColdFusion uses two of these cookies
for the CFID and CFToken identifiers,
and also creates a cookie named
cfglobals to hold global data about
the client, such as HitCount,
TimeCreated, and LastVisit. This
limits you to 17 unique applications
per client-host pair.
I guess this deals more with how many applications you actually run rather than whether you have them all share the same client data store, but it does suggest that there may be some kind of hard limit on the total number of apps you can run at once, although I'd recommend splitting across hosts (or just using a different domain name) if you're planning on more than 16 apps!
As Eric stated above, running multiple apps off of one datasource is fine. What I would warn you is that these databases can fill up fast if you're not careful to block spiders and search engines from using them. Because CF creates client variables on each request for a new session, a search engine will get a new one every time because it never sends its old credentials/cookies so CF thinks it's a new user who needs a new client variable set. Also, be absolutely certain to check "Disable global client variable updates" in CF admin. This will save you a lot of unnecessary overhead.
I would think that multiple applications sharing the same data store would open up the possibility of users from one application having access to the other applications. While it may not be likely, the possibility could exist. (I don't have any facts to back that up, it just seems like a logical conclusion).
The question is, are you comfortable with that possibility, or do you have to absolutely make sure each application is secure?