best practice for user sessions


Bob

Feb 5, 2011, 2:03:14 AM
to gae-sessions
Does anyone have any best practices to suggest for using gaesessions
to keep your user logged in? I'm using oauth from an oauth provider as
my registration/login method. And currently I'm just saving the entire
user object in my session. But that seems a little wasteful to me, as
I have a lot of info in my user model that I won't need on every page.
And loading up cookies on your primary domain (where you serve static
files) isn't really best practice if you want to have fast load times.

So I was curious how others are using gaesessions (assuming you're
using it to track users). Do you just store the whole user record in
your session? Or do you create a separate session model with a subset
of the user info and load the user object only when you need it?
Hmm.... I suppose the user object could be one attribute of the
session object, and since app-engine lazy-loads objects that would be
pretty much what you need.

So anyway, I see how to use gaesessions from the docs, but would love
to hear best practices of how you're using gaesessions.

Thanks,
Bob

Anton Danilchenko

Feb 7, 2011, 11:06:39 AM
to gae-se...@googlegroups.com
Visit our "GAE framework" support group. We have some people who work with OAuth and OpenID auth.

David Underhill

Feb 14, 2011, 10:40:50 PM
to gae-se...@googlegroups.com
I copy the most important, frequently used details from my User entity into the session. For values which aren't commonly used, I just fetch these as needed (uncommon).

You have an interesting point about static files being served on the same domain that you're setting your session cookies on.  The easiest way around this is to serve static files from a separate subdomain.  You should be able to do this with no problem on app engine (just hook up an additional, separate domain for the static files, and make sure all your references to these files use this subdomain).

~ David
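
The pattern discussed in this thread (a small snapshot of the user in the session, the full record loaded only on demand), as an added example that is not code from any poster or from gaesessions itself. It assumes a plain dict in place of the dict-like gaesessions session and a dict in place of the datastore; the field names, `fetch_user`, `log_in` and `CurrentUser` are hypothetical.

```python
# Allow-list of small, frequently used fields copied into the session (hypothetical names).
SESSION_FIELDS = ("user_id", "display_name", "is_admin")

# Constructed sample record standing in for a datastore User entity.
FAKE_DATASTORE = {
    "u123": {
        "user_id": "u123",
        "display_name": "Bob",
        "is_admin": False,
        "oauth_token": "constructed-token-value",  # must never reach the session
        "bio": "x" * 2000,                         # large, rarely needed
    }
}
FETCH_COUNT = {"n": 0}


def fetch_user(user_id):
    """Stand-in for a datastore get; counts calls so the laziness is visible."""
    FETCH_COUNT["n"] += 1
    return FAKE_DATASTORE[user_id]


def log_in(session, user):
    """Copy only the allow-listed fields, so tokens and bulk data stay server-side."""
    session.clear()  # drop anything left over from an earlier login
    for field in SESSION_FIELDS:
        session[field] = user[field]


class CurrentUser(object):
    """Serve common fields from the session; load the full record on first miss."""

    def __init__(self, session, loader=fetch_user):
        self._session = session
        self._loader = loader
        self._full = None  # full record, fetched at most once per request

    def __getattr__(self, name):
        # Reached only when normal attribute lookup fails, i.e. for user fields.
        if name.startswith("_"):
            raise AttributeError(name)
        if name in self._session:
            return self._session[name]
        if self._full is None:
            self._full = self._loader(self._session["user_id"])
        try:
            return self._full[name]
        except KeyError:
            raise AttributeError(name)
```
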