Ability to have more than one cookie per domain (vary the path) #13
Interesting use case. This would be a bit of a complicated change to the source, but there is a cheap trick you could do to make this happen (see my next post for a proper solution): copy the library into a new module (e.g., gaessions2), refactor SessionModel to SessionModel2, prefix all memcache keys with "g2", and replace COOKIE_NAME_PREFIX with "g2". Configure one copy of the library to use secure cookies and the other copy of the library to use datastore/memcache only. Then each area of your website can use the appropriate copy of the library. This certainly isn't elegant, but it's relatively straightforward :).
That would work in a pinch for sure. Hrm - I see what you mean module wise though, would require a wee bit of work.
Here's a more proper solution (which really isn't any harder than the hack above). Configure the SessionMiddleware for the part of the website which allows secure cookies. Subclass SessionMiddleware and dynamically change cookie_only_threshold based on which section of the site you're in. You'll also need to modify the source so that the session middleware can instruct the Session object what COOKIE_NAME_PREFIX it should use. Currently this value is just a global "constant" so you'll have to change that (and the other global "constants" which rely on it). This shouldn't be too hard, but let me know if you get stuck. Dynamically choosing and applying the COOKIE_NAME_PREFIX should have a negligible performance impact, so if you come up with a patch perhaps we could work it into the repo for wider distribution.
Thank you for the detail - I do appreciate it. I'll take a stab at it tomorrow and see how it goes. Thank you again and if I come up with something good I'll msg you back.
I already use different "applications" so I don't need to dynamically adjust the cookie_only_threshold but I will check out what the COOKIE_NAME_PREFIX will do for me. It's way too late to think clearly but I feel like COOKIE_PATH could also be used to identify different cookies if I combined COOKIE_PATH and COOKIE_NAME_PREFIX as a key.
It would be handy to pass in a cookie_path variable to the SessionMiddleware to allow for multiple cookies / cookie_keys to be used on the same domain.
My case: I have a web app that has two distinct areas that require different security settings. One area doesn't allow session data to be stored in a cookie while the other one does. I am currently setting cookie_key to different values, but by doing so the first / alternative session gets squashed.
If you have any suggestions - I'm all ears :)
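
A sketch of the per-section selection discussed in this thread, added here as an example; it is not gae-sessions code and not from any participant. `SectionProfile`, `PROFILES`, `select_profile`, `make_set_cookie`, `read_session` and the `_SID` suffix are hypothetical names, and the threshold semantics are the example's own.

```python
# Added example: every name here is hypothetical, not part of the gae-sessions API.
from collections import namedtuple
from http.cookies import SimpleCookie

# cookie_only_threshold (example semantics): payloads up to this many bytes may
# live in the cookie itself; 0 means only an opaque session id is ever sent.
SectionProfile = namedtuple("SectionProfile", "path name_prefix cookie_only_threshold")

PROFILES = [  # constructed sample configuration
    SectionProfile("/", "PUB", 4096),
    SectionProfile("/account", "ACCT", 0),
]

def select_profile(request_path):
    """Longest-prefix match on whole path segments ('/accounting' != '/account')."""
    best = None
    for p in PROFILES:
        base = p.path.rstrip("/")
        if request_path == base or request_path.startswith(base + "/"):
            if best is None or len(p.path) > len(best.path):
                best = p
    return best

def make_set_cookie(profile, session_id, payload=b""):
    """Build a Set-Cookie value; the payload is included only if the profile allows it."""
    value = session_id
    if payload and len(payload) <= profile.cookie_only_threshold:
        value += "." + payload.hex()
    name = profile.name_prefix + "_SID"
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = profile.path
    c[name]["httponly"] = True
    c[name]["secure"] = True
    return c[name].OutputString()

def read_session(profile, cookie_header):
    """Return this section's cookie value, ignoring other sections' cookies.

    A request under /account also carries the Path=/ cookie, so the distinct
    name prefix, not the Path attribute, is what keeps the sessions apart.
    """
    morsel = SimpleCookie(cookie_header).get(profile.name_prefix + "_SID")
    return morsel.value if morsel else None
```
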