How do I save a cookie throughout a session? - django

Suppose my django project gets some cookies from a server application (the webclient itself still gets django generated cookies). When I log in to the django website, I ask for a cookie from that server application. It is currently saved in the database, but we don't want this method.
My question is: is saving this cookie in request.session['special_cookies'] safe? How long does this information last?
What is a better way to save this information throughout browsing? Thanks.

Yes, that's safe. It's still a database hit, though: in the standard Django configuration, session data is pickled into a binary data field in the session. It's just provided for you "out of the box" rather than your having to store it yourself. You can improve performance by using the cached_db setting and giving memcached a lot of the details.
RTFM, please.

Related

Invalidating Django session in JS without access to the server

I need the ability to invalidate the Django session even if there is no Internet connection (or the server is down, or anything). The session cookie is by default httpOnly, and I don't like to change it, so simply deleting it is not an option. Is there any standard way to deal with this issue?
The relatively simple solution is to write a custom middleware on top of Django sessions. This middleware could add a secondary session token, say sessionid2, that would be accessible (and deletable) from Javascript. Both would be checked simultaneously, so just one missing would invalidate the session. However, I would strongly prefer to use some off-the-shelf solution, if one exists.
The application is supposed to work as Chrome's Progressive Web App, so I'll be happy with a Chrome-specific solution if there is one.

Django Session with Memcached or ElastiCache, does the Django code need to be changed?

I have an app using DB as session backend, and I realize that Django allows a Memcached-like (memcached, ElastiCache) session backend.
Reading the doc at Django site, I found the setting file can specify that change. My question is whether my view logic code files need any change.
No. You shouldn't have to change anything. If you deploy the code on a live site, active sessions will be lost (all users will be logged out).

Tricky issue with django sessions: sometimes session information is erased

I have a weird bug with django sessions in my app: sometimes (about 10 times for ~20000 per day) session information for a user is erased. I traced it via log files: at page A there is information for the user's session, after it he submits the form and at the next page his session is empty. I tried two types of storage: memcached+db and db only, and this problem occurs with both of them. I tried to reproduce these scenarios, but all works as expected; as I said, it happens very rarely. I also checked that this problem exists for different users, and for them it doesn't reproduce each time. I don't have any ideas how to catch the root cause and I don't know what else to post here as a description. If someone has any ideas, please let me know. If it is important, I'm running my app with django 1.2 + FastCGI.
Thanks!
UPD: I checked and see that the session key from the user is not changed during two sequential requests; at the first request there is an actual session state, and at the second the session variables are replaced with empty.
As a way to debug this problem, I would subclass the standard Django session middleware (or whatever you're currently using):
django.contrib.sessions.middleware.SessionMiddleware
and wrap process_request and (probably more importantly) process_response in some extra logging. Then install your subclassed session middleware in the MIDDLEWARE_CLASSES, rather than the stock Django one.
You could also validate that session.save() has actually committed its changes by attempting to read it back. It could be that the problem lies in session-state serialisation, and it's failing on a particular key or value that you're attempting to store.
None of this will fix your problem, but it might help you to establish what's going on.
As @Steve Mayne mentioned, it would be good to do some logging on the sessions middleware and sessions model save method. That's something I'd start with.
In addition I'd like to say that this could be a database related issue, especially if you're using MySQL database backend for sessions. You can check the log for database locks and other concurrency issues. I had to deal with similar issues before and the solution is clear: optimization and additional performance.
If you have some specific application middleware, you can check for functionality that interferes with Django sessions. Such parallel operations can cause problems, if not implemented properly.
Another thing I would do is to upgrade to the latest stable release of Django and migrate to a mod_wsgi setup.
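The logging and read-back checks suggested in the answers above can be sketched as follows. This is an added example, not code from either answer or from Django itself; the names key_tag, audit, SessionAuditMixin and the "session_audit" logger are hypothetical, and it assumes a current Python 3 Django where SessionMiddleware still exposes process_request and process_response. It logs key names and a hashed tag only, because raw session keys and session values in log files are credentials in practice.

```python
import hashlib
import logging

log = logging.getLogger("session_audit")  # hypothetical logger name
_MISSING = object()


def key_tag(session_key):
    """Short one-way tag for a session key, so the real key never lands in logs."""
    if not session_key:
        return "-"
    return hashlib.sha256(session_key.encode()).hexdigest()[:12]


def audit(keys_at_request, session):
    """Compare request-time keys, response-time keys and the backend's stored copy."""
    live = dict(session.items())
    lost = sorted(set(keys_at_request) - set(live))
    unsaved = []
    if session.session_key:
        # A fresh store instance forces a real read from the backend.
        stored = type(session)(session_key=session.session_key).load()
        unsaved = sorted(k for k in set(stored) | set(live)
                         if stored.get(k, _MISSING) != live.get(k, _MISSING))
    return {"lost": lost, "unsaved": unsaved}


class SessionAuditMixin:
    """List before django.contrib.sessions.middleware.SessionMiddleware in the bases."""

    def process_request(self, request):
        result = super().process_request(request)
        # Reading keys() loads the session and marks it accessed (adds Vary: Cookie).
        request._audit_keys = sorted(request.session.keys())
        log.info("request %s session=%s keys=%s", request.path,
                 key_tag(request.session.session_key), request._audit_keys)
        return result

    def process_response(self, request, response):
        response = super().process_response(request, response)  # stock save happens here
        session = getattr(request, "session", None)
        if session is not None:
            findings = audit(getattr(request, "_audit_keys", []), session)
            request._audit_findings = findings
            if findings["lost"] or findings["unsaved"]:
                log.warning("session anomaly %s session=%s %s", request.path,
                            key_tag(session.session_key), findings)
        return response

# Usage: class AuditedSessionMiddleware(SessionAuditMixin, SessionMiddleware): pass
# then list that class in the middleware setting in place of the stock one.
```

A "lost" entry for a view that did not delete those keys, or an "unsaved" entry after a response that should have saved, narrows the fault to the view code or to the storage backend respectively.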

QWebFrame load() not sending cookies upon initial page load

I am using QtWebkit to implement a browser in C++/Qt. When I open a new tab in it with a QWebView instance and load a URL using load() the page loads normally, but when it's a site where I'm logged in using cookies, it'll appear as though I'm not logged in at all, due to the cookies for that page not being sent along with the HTTP request (verified using SocketSniff).
The only thing I think that might make a difference would be the custom cookiejar I created, but I'm unsure what it might be since the cookiejar works fine otherwise. You can find the full source code at the Github link on the project page for the browser: http://www.mayaposch.com/wildfox.php and the Github link: https://github.com/MayaPosch/WildFox
Any clues are welcome :)
Well, I at last found out what the problem was. I narrowed it down to the custom cookiejar I implemented, which has an in-memory structure containing new and accessed cookies, and stores non-session cookies in an SQLite structure on disk. The problem was that after first loading a site, it'd find cookies in the SQLite database, load them into the in-memory structure, but not use them.
Small glitch with big consequences and very easy to figure out once you get down to it. My sincere apologies for wasting your time with this question. Hopefully this answer will help someone, though :)

Besides URL rewriting, what options are available for maintaining sessions without using cookies?

I've seen various options for URL rewriting here on Stack Overflow, and other places on the web, but was curious to see if there were other options.
This is speculation, as Cookies and URL Rewriting are the big two, but technologically, I think it'd be possible to:
do some massive hackery with javascript that captures all links and submits a form with information.
track the session on the server based on IP
Both have their downsides and holes obviously.
Session variables? At work, we are not allowed to use non session-cookies without a load of permissions.
You can either maintain state through a cookie or through a query parameter. The browser needs to be able to pass data to the web server somehow and those are the only two options.
I suppose that would depend on what technology you are using. In ColdFusion you can maintain session variables without cookies.
Using a client-side database storage, such as Google Gears (sqlite)? HTML5 is expected to include one (webkit already does it).