help regarding this information
0 views
Skip to first unread message
app engine dude
Mar 5, 2009, 1:27:31 AM3/5/09
to appengine-utilities
hi,
hey when i login using sessions the following appers in
_AppEngineUtilities_Session Entities :
ID/Name ip last_activity ua
4030 <null> 2009-03-05 06:01:29.836273 <null>
4032 <null> 2009-03-05 06:08:50.699544 <null>
can any 1 xplain me this....
hey when i login using sessions the following appers in
_AppEngineUtilities_Session Entities :
ID/Name ip last_activity ua
4030 <null> 2009-03-05 06:01:29.836273 <null>
4032 <null> 2009-03-05 06:08:50.699544 <null>
can any 1 xplain me this....
app engine dude
Mar 5, 2009, 1:50:20 AM3/5/09
to appengine-utilities
I forgot to tell write this..
the data appears when i do the following
self.session = Session()
self.session['username']=username
the data appears when i do the following
self.session = Session()
self.session['username']=username
Joe Bowman
Mar 5, 2009, 9:52:32 AM3/5/09
to appengine-utilities
Interesting, I'm seeing this on the live site as well for a couple
sessions.
What browser are you using, and can you try other browsers to see if
you get the same results?
This won't impact sessions working, but does leave the session more
vulnerable to hijack. It may be your browser is not sending the user
agent string, or something is different about the string that makes it
so that the string isn't getting recorded correctly. Interesting.
So yes, please tell me what browser you are using to get those
results, and if you can test with a different browser to see how your
results may vary, that would be helpful also.
In the interim, your sessions should work, and if they are not for
some reason, you can also turn off ip and ua validation by setting
check_ip and check_user_agent to False when you initialise the class.
sessions.
What browser are you using, and can you try other browsers to see if
you get the same results?
This won't impact sessions working, but does leave the session more
vulnerable to hijack. It may be your browser is not sending the user
agent string, or something is different about the string that makes it
so that the string isn't getting recorded correctly. Interesting.
So yes, please tell me what browser you are using to get those
results, and if you can test with a different browser to see how your
results may vary, that would be helpful also.
In the interim, your sessions should work, and if they are not for
some reason, you can also turn off ip and ua validation by setting
check_ip and check_user_agent to False when you initialise the class.
app engine dude
Mar 5, 2009, 11:47:42 PM3/5/09
to appengine-utilities
hi,
As per your request i tried in various browsers:mozilla,internet
explorer, chrome. The same thing happens in every browser.not even one
but two entities are created with null values.If my app is used by
many people then my datastore get flooded with null values.can you fix
this??
As per your request i tried in various browsers:mozilla,internet
explorer, chrome. The same thing happens in every browser.not even one
but two entities are created with null values.If my app is used by
many people then my datastore get flooded with null values.can you fix
this??
Joe Bowman
Mar 6, 2009, 12:10:32 AM3/6/09
to appengine-utilities
Well, you shouldn't get flooded, because expired sessions are
automatically cleaned.
However, here's the block of the init that get's the values for that
information.
if 'HTTP_USER_AGENT' in os.environ:
self.session.ua = os.environ['HTTP_USER_AGENT']
else:
self.session.ua = None
if 'REMOTE_ADDR' in os.environ:
self.session.ip = os.environ['REMOTE_ADDR']
You'll need to figure out why that isn't working in your environment.
automatically cleaned.
However, here's the block of the init that get's the values for that
information.
if 'HTTP_USER_AGENT' in os.environ:
self.session.ua = os.environ['HTTP_USER_AGENT']
else:
self.session.ua = None
if 'REMOTE_ADDR' in os.environ:
self.session.ip = os.environ['REMOTE_ADDR']
You'll need to figure out why that isn't working in your environment.
app engine dude
Mar 6, 2009, 12:21:10 AM3/6/09
to appengine-utilities
No buddy. the expired sessions gets cleaned i agree with that. when i
delete my session the entities with sid's gets deleted but not the
null values.so if my app is logged by more users at a time then my
datastore has large number of null values.wht say?
delete my session the entities with sid's gets deleted but not the
null values.so if my app is logged by more users at a time then my
datastore has large number of null values.wht say?
Joe Bowman
Mar 6, 2009, 10:14:48 AM3/6/09
to appengine-utilities
ok I see on issue that I can resolve in the sessions code
os.environ['REMOTE_ADDR'] is used for session token creation, and it
appears that in some cases this is set to a null value. I'm seeing
these sessions in the demo on the live site, so will address this as
soon as I can, more than likely pulling that field out of the
generation of that value. It isn't necessary now that it's using the
key value of the session entity to create the token.
I'm not sure when I'll get a chance to fix this in the library itself,
but here's the fix I'll try first.
Around line 308 is the method:
def new_sid(self):
"""
Create a new session id.
"""
sid = str(self.session.key()) + md5.new(repr(time.time()) + \
os.environ['REMOTE_ADDR'] + \
str(random.random())).hexdigest()
return sid
I would change this to
def new_sid(self):
"""
Create a new session id.
"""
sid = str(self.session.key()) + md5.new(repr(time.time()) + \
str(random.random())).hexdigest()
return sid
It's interesting that the os.environ['REMOTE_ADDR'] field isn't always
getting populated with the users IP, so that's something I'll have to
look into as well.
os.environ['REMOTE_ADDR'] is used for session token creation, and it
appears that in some cases this is set to a null value. I'm seeing
these sessions in the demo on the live site, so will address this as
soon as I can, more than likely pulling that field out of the
generation of that value. It isn't necessary now that it's using the
key value of the session entity to create the token.
I'm not sure when I'll get a chance to fix this in the library itself,
but here's the fix I'll try first.
Around line 308 is the method:
def new_sid(self):
"""
Create a new session id.
"""
sid = str(self.session.key()) + md5.new(repr(time.time()) + \
os.environ['REMOTE_ADDR'] + \
str(random.random())).hexdigest()
return sid
I would change this to
def new_sid(self):
"""
Create a new session id.
"""
sid = str(self.session.key()) + md5.new(repr(time.time()) + \
str(random.random())).hexdigest()
return sid
It's interesting that the os.environ['REMOTE_ADDR'] field isn't always
getting populated with the users IP, so that's something I'll have to
look into as well.
Joe Bowman
Mar 8, 2009, 7:26:08 PM3/8/09
to appengine-utilities
OK, it's not actually as simple as above, I've finally gotten a chance
to look at it, and am crunch it have a fix at least in svn before I
have to stop for the night.
It appears that I'm creating empty sessions when new sessions are
created. I've found a couple issues where something like this could be
happening and am working on removing them.
to look at it, and am crunch it have a fix at least in svn before I
have to stop for the night.
It appears that I'm creating empty sessions when new sessions are
created. I've found a couple issues where something like this could be
happening and am working on removing them.
Joe Bowman
Mar 8, 2009, 7:44:45 PM3/8/09
to appengine-utilities
This is fixed in trunk and a new 1.2.1 release with this fix is
available.
available.
app engine dude
Mar 9, 2009, 1:12:51 AM3/9/09
to appengine-utilities
thnq 4 da fix...i will report da problem if any....
Reply all
Reply to author
Forward
0 new messages