
Thread: Re: Beaker cookies problems with proxy




Re: Beaker cookies problems with proxy
user name
2007-12-24 17:46:57
On Nov 17, 12:46 pm, Pavel Skvazh <pavel.skv...gmail.com> wrote:
> Basic 0.8 settings:
> beaker.session.type=memory
> beaker.session.cookie_expires = True
>
> The issue is not that easy to spot. As far as I've got the problem,
> when I'm trying to access my site through office network, where all
> PC's share the same IP, they all share the same session.
> When I access the site from one PC, log in etc, the other gets the
> same cookie once it's on the site.

I'm rather confused how that's possible, unless you have a misbehaving
HTTP proxy inside your network that is caching all network access to
the web page when it shouldn't be.

Beaker does not peg sessions to specific IP's, the session is
determined by cookie, thus every browser has its own cookie, and its
own session. This will work through proxies -- AOL users for example
-- and for multiple computers behind a single IP.

Thanks for the bit on cookie use, I'll clear up the docs and provide
alternative ways to let you tell Beaker how to get the session ID in
the next Beaker release.

As a work-around, can you set a few cache headers in your
BaseController's __call__ before it calls the WSGIController method?
For example:

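# Imports the snippet relies on
from pylons import response
from pylons.controllers import WSGIController

class BaseController(WSGIController):
    def __call__(self, environ, start_response):
        # Tell HTTP/1.0 and HTTP/1.1 caches not to store or reuse the page
        response.headers['Pragma'] = 'no-cache'
        response.headers['Cache-Control'] = 'no-store,no-cache,must-revalidate,max-age=0'
        return WSGIController.__call__(self, environ, start_response)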

This should help ensure overly aggressive caches don't cache the page
content (thus appear to have the same session).

Cheers,
Ben
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "pylons-discuss" group.
To post to this group, send email to pylons-discussgooglegroups.com
To unsubscribe from this group, send email to
pylons-discuss-unsubscribegooglegroups.com
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
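
Added example, not part of the message above and not Pylons or Beaker code: the same cache headers applied as WSGI middleware to every response that carries Set-Cookie, which goes beyond the single controller in the work-around. The names NoCacheOnCookie, sample_app and fetch_headers are hypothetical, and the cookie value is constructed.

```python
# Added example, not code from the thread. Any response that sets a cookie
# is marked uncacheable so a shared proxy cannot replay it to another client.
from wsgiref.util import setup_testing_defaults

NO_CACHE = [
    ("Pragma", "no-cache"),
    ("Cache-Control", "no-store,no-cache,must-revalidate,max-age=0"),
]
OVERRIDDEN = {"pragma", "cache-control", "expires"}


class NoCacheOnCookie(object):
    """Hypothetical middleware; wraps any WSGI application."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def guarded_start(status, headers, exc_info=None):
            if any(name.lower() == "set-cookie" for name, _ in headers):
                # Drop cache headers set by the app, then force strict ones.
                headers = [(n, v) for n, v in headers
                           if n.lower() not in OVERRIDDEN] + NO_CACHE
            return start_response(status, headers, exc_info)
        return self.app(environ, guarded_start)


def sample_app(environ, start_response):
    """Constructed app: /login sets a session cookie but allows caching."""
    headers = [("Content-Type", "text/plain"),
               ("Cache-Control", "public, max-age=3600")]
    if environ["PATH_INFO"] == "/login":
        headers.append(("Set-Cookie", "beaker.session.id=constructed; Path=/"))
    start_response("200 OK", headers)
    return [b"ok"]


def fetch_headers(app, path):
    """Run one in-process request and return the response header list."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["headers"] = headers

    b"".join(app(environ, start_response))
    return seen["headers"]
```

Comparing fetch_headers(sample_app, "/login") with fetch_headers(NoCacheOnCookie(sample_app), "/login") shows the cacheable cookie response before and after the middleware is applied.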


Re: Beaker cookies problems with proxy
user name
2007-12-25 02:06:42
Thanks a lot for the tip, I'll sure test it and give you a response
tomorrow.
Probably part of the issue is I'm doing session.invalidate on user
exit and before the login to ensure all the previous session data is
cleared so there won't be any leftovers.

What'll be your best practice tip on this one?

On Dec 25, 2:46 am, Ben Bangert <gasp...gmail.com> wrote:
> On Nov 17, 12:46 pm, Pavel Skvazh <pavel.skv...gmail.com> wrote:
>
> > Basic 0.8 settings:
> > beaker.session.type=memory
> > beaker.session.cookie_expires = True
> >
> > The issue is not that easy to spot. As far as I've got the problem,
> > when I'm trying to access my site through office network, where all
> > PC's share the same IP, they all share the same session.
> > When I access the site from one PC, log in etc, the other gets the
> > same cookie once it's on the site.
>
> I'm rather confused how that's possible, unless you have a misbehaving
> HTTP proxy inside your network that is caching all network access to
> the web page when it shouldn't be.
>
> Beaker does not peg sessions to specific IP's, the session is
> determined by cookie, thus every browser has its own cookie, and its
> own session. This will work through proxies -- AOL users for example
> -- and for multiple computers behind a single IP.
>
> Thanks for the bit on cookie use, I'll clear up the docs and provide
> alternative ways to let you tell Beaker how to get the session ID in
> the next Beaker release.
>
> As a work-around, can you set a few cache headers in your
> BaseController's __call__ before it calls the WSGIController method?
> For example:
>
> class BaseController(WSGIController):
>     def __call__(self, environ, start_response):
>         response.headers['Pragma'] = 'no-cache'
>         response.headers['Cache-Control'] = 'no-store,no-cache,must-revalidate,max-age=0'
>         return WSGIController.__call__(self, environ, start_response)
>
> This should help ensure overly aggressive caches don't cache the page
> content (thus appear to have the same session).
>
> Cheers,
> Ben

