Change admin to use cookie-based sessions


Anthony

Jul 28, 2018, 4:44:44 PM
to web2py-developers
How about changing the admin app to use cookie-based sessions (instead of the current behavior, which stores sessions in the GAE Datastore on GAE and otherwise on the filesystem). Switching to cookie-based sessions would no longer require special code for GAE and would allow the app to work on other hosts that do not allow filesystem access (or have ephemeral filesystems). Any downsides?

Anthony

Massimo DiPierro

Jul 28, 2018, 6:16:36 PM
to web2py-d...@googlegroups.com
The main downside is that if one has many apps, the cookies grow and exceed 4K, and then one cannot log in to admin any more.

On Jul 28, 2018, at 3:44 PM, Anthony <abas...@gmail.com> wrote:

How about changing the admin app to use cookie-based sessions (instead of the current behavior, which stores sessions in the GAE Datastore on GAE and otherwise on the filesystem). Switching to cookie-based sessions would no longer require special code for GAE and would allow the app to work on other hosts that do not allow filesystem access (or have ephemeral filesystems). Any downsides?

Anthony


Anthony

Jul 29, 2018, 12:46:57 PM
to web2py-developers
On Saturday, July 28, 2018 at 6:16:36 PM UTC-4, Massimo Di Pierro wrote:
The main downside is that if one has many apps, the cookies grow and exceed 4K, and then one cannot log in to admin any more.

I think only some browsers (IE and maybe Safari) have a per-domain cookie size limit. In any case, this doesn't affect regular users, so if the limit is reached, it is simple enough for the developer to clear some cookies or just switch to another browser to access admin (we might be able to add a warning in the UI to this effect if the problem is detected in the browser). Alternatively, maybe we could at least add an optional setting for cookie-based admin sessions -- something like global_settings.admin_cookie_sessions, which could be set in routes.py.

Anthony