Webpy Session Reuse Problem
80 views
Skip to first unread message
Michael E. Karpeles
May 22, 2011, 5:00:06 PM5/22/11
to web.py
Howdy folks,
We've been using webpy for a simple e-commerce platform. One component
which requires sessions is our 'shopping cart'. We've been noticing
that, if we clear our cookies, we will occasionally be issued sessions
with unique ids, however, they seem to be generated with pre-existing
information. The result is different people on different clients are
issued unique sessions with non-empty carts. Moreover, it seems that
each client has the same items in their cart.
We have verified with unit testing that this is not a problem with our
cart. Our suspicion is that the cleanup() method is not behaving as we
expect when the session expiration (or timeout?) is reached. Because
these symptoms appear to show (approximately) every 24 hours, we have
a hunch that the sessions are being marked as expired but are being
recycled or re-issued without being cleaned / fully purged. On a side
note, we checked out the cleanup() method in web.session and it
doesn't seem to be doing much (set to raise a notImplementedError?).
Suspicious:
We're semi-confident about the session recycling theory because if we
repeatedly clear our cookies and refresh the page, our carts seem to
cycle through being pre-filled and being empty (possibly indicating it
is only issued an unclean session some of the time). However, we also
wonder if the actual problem is that instances of our webpy app are
the entities being cycled and not the sessions. This has been a
difficult bug to debug because it only seems to show up ever 24 hours,
even if we specify a timeout and expiration to be 1 minute.
Question:
Is this problem something we should be fixing in webpy sessions,
should we be moving to beaker sessions, or is there something we're
missing in our webpy application that is causing this behavior.
Our Session Parameters are as Follows:
web.config.session_parameters['cookie_domain'] = None
web.config.session_parameters['ignore_change_ip'] = False
web.config.session_parameters['ignore_expiry'] = False
web.config.session_parameters['timeout'] = 24 * 60 * 60 # 1 day
web.config.session_parameters['max_age'] = 24 * 60 * 60
Other Details:
- We're using a standard wsgi setup over apache.
- mysql dbms
- We're using a session load hook...
session_hook():
web.ctx.session = session
web.template.Template.globals['session'] = session
app.add_processor(web.loadhook(session_hook))
Thank you very much, in advance, for your insight and thoughtful
responses.
Sincerely,
- Michael E. Karpeles
- Stephen A. Balaban
http://babolabs.com
We've been using webpy for a simple e-commerce platform. One component
which requires sessions is our 'shopping cart'. We've been noticing
that, if we clear our cookies, we will occasionally be issued sessions
with unique ids, however, they seem to be generated with pre-existing
information. The result is different people on different clients are
issued unique sessions with non-empty carts. Moreover, it seems that
each client has the same items in their cart.
We have verified with unit testing that this is not a problem with our
cart. Our suspicion is that the cleanup() method is not behaving as we
expect when the session expiration (or timeout?) is reached. Because
these symptoms appear to show (approximately) every 24 hours, we have
a hunch that the sessions are being marked as expired but are being
recycled or re-issued without being cleaned / fully purged. On a side
note, we checked out the cleanup() method in web.session and it
doesn't seem to be doing much (set to raise a notImplementedError?).
Suspicious:
We're semi-confident about the session recycling theory because if we
repeatedly clear our cookies and refresh the page, our carts seem to
cycle through being pre-filled and being empty (possibly indicating it
is only issued an unclean session some of the time). However, we also
wonder if the actual problem is that instances of our webpy app are
the entities being cycled and not the sessions. This has been a
difficult bug to debug because it only seems to show up ever 24 hours,
even if we specify a timeout and expiration to be 1 minute.
Question:
Is this problem something we should be fixing in webpy sessions,
should we be moving to beaker sessions, or is there something we're
missing in our webpy application that is causing this behavior.
Our Session Parameters are as Follows:
web.config.session_parameters['cookie_domain'] = None
web.config.session_parameters['ignore_change_ip'] = False
web.config.session_parameters['ignore_expiry'] = False
web.config.session_parameters['timeout'] = 24 * 60 * 60 # 1 day
web.config.session_parameters['max_age'] = 24 * 60 * 60
Other Details:
- We're using a standard wsgi setup over apache.
- mysql dbms
- We're using a session load hook...
session_hook():
web.ctx.session = session
web.template.Template.globals['session'] = session
app.add_processor(web.loadhook(session_hook))
Thank you very much, in advance, for your insight and thoughtful
responses.
Sincerely,
- Michael E. Karpeles
- Stephen A. Balaban
http://babolabs.com
Ben Hayden
Oct 13, 2011, 12:59:57 AM10/13/11
to we...@googlegroups.com
Hey there, I know this is an older post, and I don't know if you are even still having this problem, but I sent a fix in for almost the *exact* same issue. My problem was that I used a nested dictionary for an initializer in the Session(...) constructor call and web.py was having a memory reference issue. Here's a link to the fix on github - https://github.com/webpy/webpy/pull/109.
Reply all
Reply to author
Forward
0 new messages