I have cherrypy server. It is working with files and I need to delete files when session expires. Is it possible call cherrypy function, when session is expired?
You could write your own session class that inherits from the already existing session class and overwrite the expiring method.
You can take a look at
http://github.com/3kwa/cherrys
it is not what you want but this guy has written a session class to use redis (a key/value storage) for sessions. And he uses the method I mentioned to overwrite methods with the desired behaviour. You may want to look into "cherrypy/lib/sessions.py" for an overview of session methods and classes.
It's not the most convenient solution, though.
Related
I have done some very basic authentication work in PHP. In PHP you can start a session and create a unique session ID to be stored in the cookies.
How does this work in ColdFusion? How can I start a session and assign a unique ID to it?
The backstory: I am trying to a create a log in page, I can create users and authenticate their login attempts but I need to know how to give them a unique session once they have logged in.
I've taken a look at the ColdFusion documentation. The only methods I could find for sessions seemed to be for browsers that don't use cookies for whatever reason. Am I missing something?
Yup, if in your application.cfm or application.cfc you set SessionManagement to 'true' then CF automatically creates a session for each new user. You can then set a property of the session (perhaps called 'loggedin') to be true or false to manage login state. Session duration is managed through the SessionTimeout property in application.cfc
You can also use the <cfloginuser> tag to manage whether a user is logged in, although some people avoid it
Take a look at this article for an overview of application.cfc
I need to add a key to my session object on the browser using angular.js. Is this possible?
It's not possible to change your session from client side.
If you mean changing client-side session window.sessionStorage then just ad key-value with the object.
Otherwise if you want to change server-side session this needs some work.
I assume you use some MVC framework. First create an action in a controller which logic should add key-value passed by parameter to you session. Map the action to some path. On client-side you should create service which makes $http.post call to that action path and value as data.
Security hint: Please don't parametrize key name unless you have some security checks server-side. This way malicious user won't be able to modify sensitive key-value in your sessions.
I want someone to tell me where to search for how to make a session between the client(s) and the server in RMI, i.e what is the name of that concept for searching purposes?
I named this the Remote Session pattern in my 2001 book.
The idea is to have a singleton RMI object, bound in the Registry, with nothing but a login() method. That method, if successful, returns a new RemoteSession object for every call, that contains the API you need for the session. RemoteSession is another remote interface of course. It also contains a logout() method, which unexports the object, and it also implements Unreferenced, as another way of terminating the session.
Each instance of RemoteSession can maintain client state, so it is a session object, and as the only way to get a RemoteSession object is via login(), it is secure to a first approximation.
As the manual says:
Note: The Session class does not utilize native PHP sessions. It
generates its own session data, offering more flexibility for
developers.
But when I store some data using $this->session->set_userdata(array('sample_key' => 'sample_value'));, in phpinfo() I can find sample_key and sample_value in that.
I hoped that the part
does not utilize native PHP sessions
to be meaning that it hides the session variables from phpinfo().
I'd always thought that it might be a security lack. Could it be?
As it seems, the values are urlencodeed.
CodeIgniter's "session" just stores the data in a cookie, and calls it a session. Native PHP sessions store the data on the server, and a "sessionID" in a cookie.
In phpinfo, you can see the variables, but it's your session, you can't see another user's session.
Why does Codeigniter do this? I mean isn't it very insecure if users can see which data is stored in their session? And and what if they change a value in the cookie?
Well, it's data about the user. If they want to change it... so what? I don't see how it's "insecure".
You can encrypt session data, or use databases for session data integrity verification.
The documentation is your friend; use it.
For what it's worth, it does seem daft that native PHP sessions aren't used. The documentation claims that this offers "more flexibility" to developers, but given the caveats listed on that page, I can't imagine how.
Storing session in Cookie is a worst practice, every browser has a size limit for cookie and cookie is a thing which get send every time with your request, though it is simple ajax request, this practice will only make your requests slow, I think while developing session library for Codeigniter they might hove thought, that user's will only store small amount of data in session, but its simply stupid idea to store a session in Cookie
check this out: https://bitbucket.org/xperez/core-session-storage-for-codeigniter
its a wrapper for ci_session interface with native php sessions and thus works also with memcached and not DB.
Cheers
Well, Codeigniter's out of the box interpretation of sessions is different to that of PHP sessions. You can still use PHP sessions if you want via the $_SESSION super global, but Codeigniter basically treats sessions as more convenient cookies. Although, you can make your sessions store in a database which is what I do and will prevent a user from changing session values.
If you want semi-secure session variables, use the in-built PHP ones if you don't want the hassle of making Codeigniter store session values in a database encrypted.
Everything is explained in the detailed documentation: http://codeigniter.com/user_guide/libraries/sessions.html