According to the Django documentation:
http://docs.djangoproject.com/en/dev/topics/http/sessions/
<<<
SESSION_COOKIE_PATH¶
New in Django 1.0: Please, see the release notes
Default: '/'
>>>
In web2py you can also set the session path, and it has the same
default:
response.cookies[response.session_id_name]['path'] = '/'
Massimo
On Oct 20, 6:41 pm, Graham Dumpleton <graham.dumple...@gmail.com>
wrote:
> I am talking about the original persons problem. If you think you are,
> then you aren't explaining things very well so the original poster and
> others would possibly be able to understand. At the moment you seem to
> be offering no solution at all.
>
> Back to the original problem, a session cookie is by default going to
> be bound to the server host name. Since this disambiguation doesn't
> include the port, you will have problems with having two separate web
> application installations which are under same host name, but
> different ports. The only way to resolve that is for each web
> application instance to use a different name for the name of the
> session cookie. That way two distinct cookies will be recorded in the
> web browser and although both would end up being sent to both
> installed web applications on the separate ports, because they would
> be distinguishing based on the name of the session cookie, they
> wouldn't care about the other and wouldn't interfere with each other.
>
> In Django you can set the SESSION_COOKIE_NAME variable in its settings
> file to enable this trick. Does web2py have an equivalent feature
> whereby the name of the session cookie can be overridden? If it
> doesn't, then OP poster wouldn't be able to do what he wants and thus
> a limitation of web2py.
>
> The only other way that sessions for different web application
> instances using same framework can be distinguished is where they are
> mounted at different non overlapping sub URLs. What would be done here
> is rather than change the name of the session cookie, one would set
> the path attribute of the cookie so that that specific cookie would
> only be sent by the web browser along with requests which fall under
> that sub URL for a host. If that path attribute is not present, the
> default is effectively '/' and so cookie sent no matter what URL is
> for that host. In other words, by setting path attribute of session
> cookie, web browser will separate cookies without needing to change
> the name of the cookie.
>
> In Django you can set the SESSION_COOKIE_PATH variable in its settings
> file to enable this trick. Does web2py have an equivalent feature
> whereby the context of what the session cookie applies to can be
> limited?
>
> While we are at it, does web2py allow the domain of the session cookie
> to be changed. That is, rather than a session cookie being limited to
> a single host, it could be changed to apply to an enmcompassing parent
> domain.
>
> In Django you can set the SESSION_COOKIE_DOMAIN variable in its
> settings file to enable this trick. Does web2py have an equivalent
> feature to control this and as a result would potentially allow a
> single web2py instance to be used to serve multiple host names under
> some common parent domain?
>
> So, look up those features of Django and how they work and then answer
> whether web2py has equivalent feature. If the answer for
> SESSION_COOKIE_NAME is yes, the OP can do what he wants. If the answer
> is no, then he can't do what he wants.
>
> Graham
>
> On Oct 21, 10:18 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > Hi Graham,
>
> > the session is linked to the application, not to the web2py
> > installation. If you install the same app twice under web2py, for
> > example, each of them gets its own set of sessions. Each app has its
> > own session name and I think that is what you refer to.
>
> > web2py does not allow (by default) the same user to access the same
> > application under the same web2py from the same browser, at the same
> > time, because it would mess up the internal workflow of the
> > applications. If an action does not need to access the session, it can
> > release the lock.
>
> > Massimo
>
> > On Oct 20, 6:04 pm, Graham Dumpleton <graham.dumple...@gmail.com>
> > wrote:
>
> > > Other web frameworks allow you to customise the name of the session
> > > cookie to avoid this sort of problem where different applications run
> > > on different ports under same host name. Other web frameworks also
> > > allow one to cleanly mount multiple instances of an application under
> > > different sub URLs of same host/port and where they need different
> > > session contexts, allow you to have the session cookie path be the sub
> > > URL so they are distinct for each instance.
>
> > > If web2py can't do this, it is a design/implementation limitation, not
> > > a feature.
>
> > > Graham
>
> > > On Oct 21, 12:21 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > > > It is not going to be the same session. By default each app has its
> > > > own sessions and session keys. There is no sharing between apps. You
> > > > can, optionally, have one app retrieve the session keys and sessions
> > > > of another app but it is not a goo idea.
>
> > > > Massimo
>
> > > > On Oct 20, 5:50 am, Alex Fanjul <alex.fan...@gmail.com> wrote:
>
> > > > > Thanks Massimo,
> > > > > one quick and maybe newbi question: if you have 2 applications (in the
> > > > > same server), and each application has his own session directory to
> > > > > store private session data, how does the server know that you are
> > > > > openning the "same session" in the two apps? and.. is it actually the
> > > > > same session even within the same browser? maybe this concern
> > > > > contexts,
> > > > > and so...
>
> > > > > regards,
> > > > > alex f
>
> > > > > > To clarify. This is not a bug. This is a feature.
>
> > > > > > As long you store server side, web2py prevents the same user from
> > > > > > opening the same session twice. There is no concurrency problems for
> > > > > > different users. There is no problem if the same user uses two
> > > > > > distinct sessions (by using different browsers or different
> > > > > > machines).
>
> > > > > > Massimo
>
> > > > > > On Oct 19, 4:44 pm, Alex Fanjul<alex.fan...@gmail.com> wrote:
>
> > > > > >> Wow, this sounds me!!
> > > > > >> In the enterprise I'm working (by now) we have a big social network
> > > > > >> product (in a mix of perl and private language), and we in fact
> > > > > >> suffer
> > > > > >> from similar sessions problems/issues.
> > > > > >> I deed, if you have 2 applications in the same server the sessions
> > > > > >> are
> > > > > >> messed like this example...
> > > > > >> I think this could have to take into consideration. ¿or not?
>
> > > > > >> Alex F
>
> > > > > >> El 19/10/2009 16:32, Wes James escribió:
>
> > > > > >>> On Mon, Oct 19, 2009 at 8:26 AM, SergeyPo<ser...@zarealye.com>
> > > > > >>> wrote:
>
> > > > > >>>> Run two different web2py applications on same machine using two
> > > > > >>>> different ports (127.0.0.1:8000 and 127.0.0.1:8002). Open two
> > > > > >>>> browser
> > > > > >>>> windows for two apps (two tabs in Safari).
> > > > > >>>> Log in 1st application admin in 1st window.
> > > > > >>>> Log in 2nd app admin in 2nd window.
> > > > > >>>> Try to do smth in 1st window - it will ask you for password.
>
> > > > > >>>> Is it intended behaviour or sessions do not take port number into
> > > > > >>>> account?
>
> > > > > >>> When you have a browser open, a session is active across all
> > > > > >>> windows.
> > > > > >>> The only way to get around this is to open a different browser.
> > > > > >>> i.e.
> > > > > >>> browser one is safari, browser two is firefox or opera, etc.
> > > > > >>> Firefox
> > > > > >>> 3.5.3 has private browsing, but I don't know how that would work
> > > > > >>> in
> > > > > >>> this situation. Does private browsing put your sessions in a
> > > > > >>> black
> > > > > >>> box that no other browser window (of the same browser instance)
> > > > > >>> can
> > > > > >>> see??
>
> > > > > >>> -wes
>
> > > > > >> --
> > > > > >> Alejandro Fanjul Fdez.
> > > > > >> alex.fan...@gmail.comwww.mhproject.org
>
> > > > > --
> > > > > Alejandro Fanjul Fdez.
> > > > > alex.fan...@gmail.comwww.mhproject.org
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
