On Oct 20, 8:01 pm, Graham Dumpleton <graham.dumple...@gmail.com> wrote: > On Oct 21, 11:14 am, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > Sorry my answer was confused. I guess having my son jumping around me > > all the time does not help. > > > What I tried to say is that web2py cannot link a session to a port > > hence the problem. It cannot and should not because the port is not > > reliable since there may be a proxy. > > web2py shouldn't even be trying to link it to a port. Not what I am > suggesting. How cookies work with respect to ports is just how HTTP is > and any requirement to work around that should be entirely up to the > user tpo do explicitly and not the framework provider try
Perhaps I do not understand your proposed solution. As far as I know cookies ignore ports see http://code.djangoproject.com/ticket/2806 and references therein, specifically the last comments. Cookies can only reliably bind to a hostname and a path. > > There is a flag one can set to change the session name (session.connect > > (...appname=...)) but I do not advice using that solution because I > > prefer a different solution. To use the Django solution, you would > > have to detect the port the server is running on and set the name of > > the session cookie accordingly, but I do not like idea of an app that > > depends on the port it is running at. For example it would break > > download over http of images that requires authentication from pages > > that use https. > > You wouldn't need for the application to detect the port. If these are > two different installations of web2py then they can have separate hard > wired configuration setting. Presuming that is that this can be > controlled from a global settings file somehow like with Django. I do not think so but perhaps if you can show an example of how you would handle it in Django I can provide an equivalent solution in web2py. > > Instead, consider a typical web2py installation with two apps, a and > > b. By default, they will use the cookies session_id_a and > > session_id_b, respectively. Sergey can take advantage of this feature > > and for example, he can create a symlink "b" to his app "a". Now "a" > > and "b" are the same app but they will have distinct session cookies. > > He can can access "a" from one port and "b" from the other without > > running into issues. > > Do you literally mean symlink as in file system symbolic link? Could > the alias instead be managed somehow via your global route rewriting > rules instead. If you want two discinct sets of session cookies without altering the code you need the symbolic links. This solution works with every app. You can also combine routes with a path in the cookie but this requires adding one line to the app and this will prevent other apps from accessing sessions from this app. Something that I consider a feature of web2py for collaborative applications. > Graham > > > Massimo > > > On Oct 20, 6:41 pm, Graham Dumpleton <graham.dumple...@gmail.com> > > wrote: > > > > I am talking about the original persons problem. If you think you are, > > > then you aren't explaining things very well so the original poster and > > > others would possibly be able to understand. At the moment you seem to > > > be offering no solution at all. > > > > Back to the original problem, a session cookie is by default going to > > > be bound to the server host name. Since this disambiguation doesn't > > > include the port, you will have problems with having two separate web > > > application installations which are under same host name, but > > > different ports. The only way to resolve that is for each web > > > application instance to use a different name for the name of the > > > session cookie. That way two distinct cookies will be recorded in the > > > web browser and although both would end up being sent to both > > > installed web applications on the separate ports, because they would > > > be distinguishing based on the name of the session cookie, they > > > wouldn't care about the other and wouldn't interfere with each other. > > > > In Django you can set the SESSION_COOKIE_NAME variable in its settings > > > file to enable this trick. Does web2py have an equivalent feature > > > whereby the name of the session cookie can be overridden? > > > If it > > > doesn't, then OP poster wouldn't be able to do what he wants and thus > > > a limitation of web2py. > > > > The only other way that sessions for different web application > > > instances using same framework can be distinguished is where they are > > > mounted at different non overlapping sub URLs. What would be done here > > > is rather than change the name of the session cookie, one would set > > > the path attribute of the cookie so that that specific cookie would > > > only be sent by the web browser along with requests which fall under > > > that sub URL for a host. If that path attribute is not present, the > > > default is effectively '/' and so cookie sent no matter what URL is > > > for that host. In other words, by setting path attribute of session > > > cookie, web browser will separate cookies without needing to change > > > the name of the cookie. > > > > In Django you can set the SESSION_COOKIE_PATH variable in its settings > > > file to enable this trick. Does web2py have an equivalent feature > > > whereby the context of what the session cookie applies to can be > > > limited? > > > > While we are at it, does web2py allow the domain of the session cookie > > > to be changed. That is, rather than a session cookie being limited to > > > a single host, it could be changed to apply to an enmcompassing parent > > > domain. > > > > In Django you can set the SESSION_COOKIE_DOMAIN variable in its > > > settings file to enable this trick. Does web2py have an equivalent > > > feature to control this and as a result would potentially allow a > > > single web2py instance to be used to serve multiple host names under > > > some common parent domain? > > > > So, look up those features of Django and how they work and then answer > > > whether web2py has equivalent feature. If the answer for > > > SESSION_COOKIE_NAME is yes, the OP can do what he wants. If the answer > > > is no, then he can't do what he wants. > > > > Graham > > > > On Oct 21, 10:18 am, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > > > Hi Graham, > > > > > the session is linked to the application, not to the web2py > > > > installation. If you install the same app twice under web2py, for > > > > example, each of them gets its own set of sessions. Each app has its > > > > own session name and I think that is what you refer to. > > > > > web2py does not allow (by default) the same user to access the same > > > > application under the same web2py from the same browser, at the same > > > > time, because it would mess up the internal workflow of the > > > > applications. If an action does not need to access the session, it can > > > > release the lock. > > > > > Massimo > > > > > On Oct 20, 6:04 pm, Graham Dumpleton <graham.dumple...@gmail.com> > > > > wrote: > > > > > > Other web frameworks allow you to customise the name of the session > > > > > cookie to avoid this sort of problem where different applications run > > > > > on different ports under same host name. Other web frameworks also > > > > > allow one to cleanly mount multiple instances of an application under > > > > > different sub URLs of same host/port and where they need different > > > > > session contexts, allow you to have the session cookie path be the sub > > > > > URL so they are distinct for each instance. > > > > > > If web2py can't do this, it is a design/implementation limitation, not > > > > > a feature. > > > > > > Graham > > > > > > On Oct 21, 12:21 am, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > > > > > It is not going to be the same session. By default each app has its > > > > > > own sessions and session keys. There is no sharing between apps. You > > > > > > can, optionally, have one app retrieve the session keys and sessions > > > > > > of another app but it is not a goo idea. > > > > > > > Massimo > > > > > > > On Oct 20, 5:50 am, Alex Fanjul <alex.fan...@gmail.com> wrote: > > > > > > > > Thanks Massimo, > > > > > > > one quick and maybe newbi question: if you have 2 applications > > > > > > > (in the > > > > > > > same server), and each application has his own session directory > > > > > > > to > > > > > > > store private session data, how does the server know that you are > > > > > > > openning the "same session" in the two apps? and.. is it actually > > > > > > > the > > > > > > > same session even within the same browser? maybe this concern > > > > > > > contexts, > > > > > > > and so... > > > > > > > > regards, > > > > > > > alex f > > > > > > > > > To clarify. This is not a bug. This is a feature. > > > > > > > > > As long you store server side, web2py prevents the same user > > > > > > > > from > > > > > > > > opening the same session twice. There is no concurrency > > > > > > > > problems for > > > > > > > > different users. There is no problem if the same user uses two > > > > > > > > distinct sessions (by using different browsers or different > > > > > > > > machines). > > > > > > > > > Massimo > > > > > > > > > On Oct 19, 4:44 pm, Alex Fanjul<alex.fan...@gmail.com> wrote: > > > > > > > > >> Wow, this sounds me!! > > > > > > > >> In the enterprise I'm working (by now) we have a big social > > > > > > > >> network > > > > > > > >> product (in a mix of perl and private language), and we in > > > > > > > >> fact suffer > > > > > > > >> from similar sessions problems/issues. > > > > > > > >> I deed, if you have 2 applications in the same server the > > > > > > > >> sessions are > > > > > > > >> messed like this example... > > > > > > > >> I think this could have to take into consideration. ¿or not? > > > > > > > > >> Alex F > > > > > > > > >> El 19/10/2009 16:32, Wes James escribió: > > > > > > > > >>> On Mon, Oct 19, 2009 at 8:26 AM, > > > > > > > >>> SergeyPo<ser...@zarealye.com> wrote: > > > > > > > > >>>> Run two different web2py applications on same machine using > > > > > > > >>>> two > > > > > > > >>>> different ports (127.0.0.1:8000 and 127.0.0.1:8002). Open > > > > > > > >>>> two browser > > > > > > > >>>> windows for two apps (two tabs in Safari). > > > > > > > >>>> Log in 1st application admin in 1st window. > > > > > > > >>>> Log in 2nd app admin in 2nd window. > > > > > > > >>>> Try to do smth in 1st window - it will ask you for password. > > > > > > > > >>>> Is it intended behaviour or sessions do not take port number > > > > > > > >>>> into > > > > > > > >>>> account? > > > > > > > > >>> When you have a browser open, a session is active across all > > > > > > > >>> windows. > > > > > > > >>> The only way to get around this is to open a different > > > > > > > >>> browser. i.e. > > > > > > > >>> browser one is safari, browser two is firefox or opera, etc. > > > > > > > >>> Firefox > > > > > > > >>> 3.5.3 has private browsing, but I don't know how that would > > > > > > > >>> work in > > > > > > > >>> this situation. Does private browsing put your sessions in a > > > > > > > >>> black > > > > > > > >>> box that no other browser > > ... > > read more » --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
