My favorites | Sign in
Project Logo
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
Search
for
Updated Nov 06, 2008 by bowman.joseph
Labels: Featured
Session  

Sessions

Sessions provides a way to manage storing data for users their visit to your web site. It works by providing visitors with a cookie with an id that is also stored server side. Data can then be added, using any python object that can be pickled and stored, referencing that id.

Using Sessions

Make it available simply by importing the class, and initializing it. Session initializtion handles the reading and passing data to the browsers cookie store. 

    from appengine_utilities.sessions import Session
    self.session = Session()

Because sessions read and write cookie, you need to initalize the class before you send any output to the browser.

Once initialized, you can use sessions like any other dictionary object. 

    self.session['meals'] = ['breakfast', 'lunch', 'dinner']
    self.session['username'] = 'Bob'

All standard dictionary methods are implemented.

How Sessions Are Cached

Session data is stored both in the datastore and memcache. Every write/delete of session data will update the memcache. During a read, first the memcache is checked, and if that fails, the datastore is checked. If a hit fails in memcache, but works in the datastore, the memcache is updated.

Session Id Regneration

Because Google Appengine doesn't support SSL (as of the writing of this document), session id regeneration was implemented in and effort to secure sessions. Session tokens are changed on a regular basis in both the browser and server.

Session Arguments

Sessions take the following arguments on initializaion:

  • Args:
    • cookie_name: The name for the session cookie stored in the browser.
  • session_expire_time: The amount of time between requests before the
    • session expires.
  • clean_check_percent: The percentage of requests the will fire off a
    • cleaning routine that deletes stale session data.
  • integrate_flash: If appengine-utilities flash utility should be
    • integrated into the session object.
  • check_ip: If browser IP should be used for session validation
  • check_user_agent: If the browser user agent should be used for
    • sessoin validation.
  • set_cookie_expires: True adds an expires field to the cookie so
    • it saves even if the browser is closed.
  • session_token_ttl: Number of sessions a session token is valid
    • for before it should be regenerated.

Comment by efleming, Feb 02, 2009

Can I store an object in a session? I have a person object that is a model class. I am trying to store it in the session but when I try and retrieve the data, nothing is returned.

Comment by 061998, Feb 11, 2009

How about using JSON integration with GWT; do cookies even apply then?

Comment by bowman.joseph, Apr 29, 2009

Sorry, it appears there are no notifications for comments on the wiki, I'll look into finding out a way if there's a way to set that up. Objects should store just fine in session, if you're using the datastore writer. The cookie writer only uses json, as it's insecure to store pickled data in the browser and retrieve it.

As for GWT, never used it. I'm not sure how this would apply as I understand GWT is a java based engine for creating javascript?

Comment by lrhazi, Aug 01, 2009

I think "self" in the example code is confusing...What is it supposed to be? Thanks.

Comment by darylpet, Dec 17 (2 days ago)

self is the class that calls it


Sign in to add a comment
Hosted by Google Code