-
Notifications
You must be signed in to change notification settings - Fork 57
Home
dound edited this page Jul 3, 2011
·
31 revisions
gae-sessions provides a fast, lightweight Sessions middleware for Google App Engine using memcache+datastore for Python. See the readme for more information about the project and how to use it.
- The readme explains how to install and use gae-sessions.
- See how it compares to other session libraries.
- View the documentation.
- The library is tested with significant functionality tests (test coverage data).
- If you have questions or need help, try posting to the gae-sessions group at [email protected] or visiting the google group webpage.
- Add support for expiring cookie sessions when the browser closes.
- Add the Vary header when appropriate (enables users to also use Django cache middleware).
- Thanks to Elias Naur for providing the patch for both of the above improvements.
- gae-sessions is now thread-safe.
- Thanks to Sylvain for suggesting this.
- Corrupt session data is now handled more gracefully.
- Thanks to Chris for suggesting a patch to accomplish this.
- Add
set_current_session()- Thanks to Calvin for the initial implementation of this method.
- memcache keys associated with sessions now expire when the associated session expires.
- In the past, they would remain until memcache evicted them.
- Thanks to Anton for reporting this issue.
- Resolved
Issue #10/ Add new option which instructs the client to only send session cookies over a secure channel.- Thanks to msmart for suggesting this.
- Resolved
Issue #8/ GAE 1.3.6 compatibility: explicitly specify namespace for all datastore/memcache operations.- Thanks to owebeeone for suggesting this.
- This ensures session data is always stored and retrieved from the same namespace.
- Compatibility fix: Internet Explorer no longer discards gae-sessions cookies when the browser is closed.
- Apparently, IE requires cookie expirations to be specified in GMT (v1.02 specified them in PST).
- Security improvement: gae-sessions’ cookies now specify
HttpOnlywhich instructs browsers to make them inaccessible to JavaScript. This helps prevent some XSS attacks (details here).
- Bug fix: The sessions cleanup method would fail if there were >500 expired sessions.
- Added
DjangoSessionMiddleware– enable Django users to use gae-sessions.
- Secure cookies are now used for small sessions. This is 10-100x faster!
- This feature may disabled by passing
cookie_only_threshold=0toSessionMiddleware.
- This feature may disabled by passing
- Pickle format v2 is now used. This improves performance a bit.
- Added significant tests to automatically verify correctness as best as possible.
- Expiration times are now specified as UNIX timestamps (instead of datetime objects).
- The
memcache_onlyoption is now calledno_datastore. - Several other minor code improvements.
- Added a
memcache_onlyoption (defaults to False). -
SessionMiddleware.__init__()now takes configuration parameters (see the readme for details).- In the past, you had to edit the source to change the configuration.
- Performance fix: if
set_quick()was called multiple times, data might be persisted to the datastore unnecessarily.
- Refactored
user_is_now_logged_in()toregenerate_id()and documented it in the readme. - Fixed a regression in v0.7 which caused old session data to be deleted when changing session IDs.
-
set_quick()now starts a new session if one isn’t currently active – just like__setitem__(). - Documentation strings have been improved
- Support has been added for generating documentation via sphinx.
- Session data is now lazily loaded. If you don’t read/write it, no overhead is added.
- Expiration date handling has been improved.
- Starting in v0.5, expiration time is in the sid, so there is no need to also store it in the session data.
- Added
clear()method to Session. - Cleanly handle bogus cookies which specify session ID to be the empty string.
- Session data can now be retrieved manually (via session ID).
- Resolved
Issue #2: added support for cleaning up expired sessions from the datastore.- Thanks to Amir Shimoni for suggesting this
- Added a demo cronjob which uses the provided cleanup function to remove expired sessions daily.
- Fix regression in v0.04 which caused the datastore to never be used (oops).
- Added support for “quick” methods which only save changes to memcache (avoiding a datastore put).
- Added a new demo which uses Google Accounts for authentication.
- The original demo now works regardless of what port the development server is running on.
- Cleanly handle any
db.delete()failure (could occur if the datastore goes into read-only mode, etc.) - Fixed
Issue #1: A license is now specified (Apache License v2).
- Initial Beta Release