Storing long-term cookies as well as sessions?


Theron Luhn

Jan 15, 2013, 11:43:59 PM
to pylons-...@googlegroups.com
I'm using beaker to securely store session data.  I have it configured to keep data for 24 hours.

However, there's also data I'd like to store for longer periods of time.  (It doesn't have to be secure.)  How can I do this?  Can I just use plain cookies somehow?

Jonathan Vanasco

Jan 16, 2013, 10:14:09 AM
to pylons-...@googlegroups.com
what kind of data?  what kind of application?

i've done things like this under pyramid:

- store long-term 'cached' data in the database, keyed to a userid in the session.  refresh that into the session if the user is logged in, but that key is not present.  (also save it whenever the values change)

    # user is logged in but the long-term data is not in the session yet
    if 'user.id' in session and session['user.id']:
        if 'user.longcached' not in session:
            session['user.longcached'] = lib.api_internal.get_user_longcache(request, session['user.id'])

- store random crap in a cookie
    a- use a series of plaintext cookies for random identifiers
    b- use a cookie that is insecure, but secure enough for my needs.  drop all my data into a dict, convert to json, turn it into an encrypted or signed cookie.  on session activations, read this data, validate for a timely timestamp/signature, migrate into the session.  i wrote a library to help with this - https://github.com/jvanasco/insecure_but_secure_enough/blob/master/insecure_but_secure_enough/__init__.py

the big trick i learned was to get this stuff into the session as soon as possible.  just read the cookies once, migrate to session, and work from there.  it really simplifies debugging.
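
The signed-cookie flow from option b in the reply above (dict to JSON to signed cookie, validated for timestamp and signature, then migrated into the session), as an added example that is not part of the thread and not the API of the linked library. The secret, the 30-day lifetime, the `longterm` key and the dict-like session are assumptions; the cookie is signed, not encrypted, so the client can read its contents.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to the client
MAX_AGE = 30 * 24 * 3600             # assumption: long-term cookie valid for 30 days


def _sign(payload):
    """Base64 HMAC-SHA256 tag over the already-encoded payload string."""
    mac = hmac.new(SECRET, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")


def dump_cookie(data, now=None):
    """Wrap data with an issue timestamp, JSON-encode it and append the tag."""
    body = {"ts": int(time.time() if now is None else now), "data": data}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    payload = base64.urlsafe_b64encode(raw).decode("ascii")
    return payload + "." + _sign(payload)


def load_cookie(value, now=None):
    """Return the stored dict, or None if the cookie is malformed, forged or stale."""
    try:
        payload, sep, tag = value.partition(".")
        # Verify the signature before parsing anything the client controls.
        good = hmac.compare_digest(_sign(payload).encode("ascii"), tag.encode("utf-8"))
        if not sep or not good:
            return None
        body = json.loads(base64.urlsafe_b64decode(payload))
        age = (time.time() if now is None else now) - body["ts"]
        return body["data"] if 0 <= age <= MAX_AGE else None
    except (ValueError, KeyError, TypeError):
        return None


def migrate_into_session(session, cookies, name="longterm"):
    """Read the cookie once, copy it into the session, and work from the session after that."""
    if name in session:
        return False
    data = load_cookie(cookies.get(name, ""))
    if data is None:
        return False
    session[name] = data
    return True
```
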



        