librelist archives

home // archives //

« back to archive

Question about Sessions

Question about Sessions

From:
Ishbir Singh
Date:
2011-08-08 @ 14:20 
Hello,

I had a few questions about the session object used in Flask. First, I know
that what it does is store an encrypted cookie on the user's side which
contains the user's session id. But, how do I change the domain of this
cookie so that it persists across sub-domains? Secondly, as far as I know (I
could be wrong), Flask stores sessions as a file on the server side. Can I
change this behaviour so that the sessions persist across multiple servers?
For example, store it in a database like MongoDB?

What I am doing is, I have a website, which is basically a frontend and it
does basic actions (user interface). On the backend lie 3 servers which
handle the main stuff. I know how to route requests to a server and that is
not an issue. However, I want the other servers to check if the user is
logged in, get user details etc.

Any help?

Regards,
Ishbir Singh

Re: [flask] Question about Sessions

From:
Armin Ronacher
Date:
2011-08-08 @ 14:26 
Hi,

On 8/8/11 4:20 PM, Ishbir Singh wrote:
> I had a few questions about the session object used in Flask. First, I
> know that what it does is store an encrypted cookie on the user's side
> which contains the user's session id. But, how do I change the domain of
> this cookie so that it persists across sub-domains?
By setting the SERVER_NAME config key.

> Secondly, as far as
> I know (I could be wrong), Flask stores sessions as a file on the server
> side. Can I change this behaviour so that the sessions persist across
> multiple servers? For example, store it in a database like MongoDB?
Flask stores the sessions on the client and cryptographically signs them
to avoid tempering.  Flask 0.8 introduces pluggable session backends
which you can use to store the data in a server-side session store if
you really have to.


Regards,
Armin

Re: [flask] Question about Sessions

From:
Ishbir Singh
Date:
2011-08-08 @ 14:30 
Hey,

So what you're saying is that Flask doesn't store session ID's but the
entire session in an encrypted cookie. A session is just another name for
encrypted cookie. Right?

If I just change the SERVER_NAME key to an appropriate value like ".
domain.com", the session will persist across all the sub-domains, right?

On 8 August 2011 19:56, Armin Ronacher <armin.ronacher@active-4.com> wrote:

> Hi,
>
> On 8/8/11 4:20 PM, Ishbir Singh wrote:
> > I had a few questions about the session object used in Flask. First, I
> > know that what it does is store an encrypted cookie on the user's side
> > which contains the user's session id. But, how do I change the domain of
> > this cookie so that it persists across sub-domains?
> By setting the SERVER_NAME config key.
>
> > Secondly, as far as
> > I know (I could be wrong), Flask stores sessions as a file on the server
> > side. Can I change this behaviour so that the sessions persist across
> > multiple servers? For example, store it in a database like MongoDB?
> Flask stores the sessions on the client and cryptographically signs them
> to avoid tempering.  Flask 0.8 introduces pluggable session backends
> which you can use to store the data in a server-side session store if
> you really have to.
>
>
> Regards,
> Armin
>



-- 
Regards,
Ishbir Singh

Re: [flask] Question about Sessions

From:
Armin Ronacher
Date:
2011-08-08 @ 18:28 
Hi,

On 8/8/11 4:30 PM, Ishbir Singh wrote:
> So what you're saying is that Flask doesn't store session ID's but the
> entire session in an encrypted cookie. A session is just another name
> for encrypted cookie. Right?
Signed.  Not encrypted.

> If I just change the SERVER_NAME key to an appropriate value like
> ".domain.com <http://domain.com>", the session will persist across all
> the sub-domains, right?
Without the leading dot.  It automatically assumes that the session
cookie should be cross sub-domain in that case.


Regards,
Armin

Re: [flask] Question about Sessions

From:
Ishbir Singh
Date:
2011-08-25 @ 15:37 
Hey,

Sorry for bringing this up late but, whenever I put SERVER_NAME as the
domain name while the server is listening on a sub-domain, it keeps on
giving me 404 errors when I access it.

What could be the problem? And, the solution, if any?

On 8 August 2011 23:58, Armin Ronacher <armin.ronacher@active-4.com> wrote:

> Hi,
>
> On 8/8/11 4:30 PM, Ishbir Singh wrote:
> > So what you're saying is that Flask doesn't store session ID's but the
> > entire session in an encrypted cookie. A session is just another name
> > for encrypted cookie. Right?
> Signed.  Not encrypted.
>
> > If I just change the SERVER_NAME key to an appropriate value like
> > ".domain.com <http://domain.com>", the session will persist across all
> > the sub-domains, right?
> Without the leading dot.  It automatically assumes that the session
> cookie should be cross sub-domain in that case.
>
>
> Regards,
> Armin
>



-- 
Regards,
Ishbir Singh

Re: [flask] Question about Sessions

From:
Ron DuPlain
Date:
2011-08-08 @ 14:29 
On Mon, Aug 8, 2011 at 10:26 AM, Armin Ronacher
<armin.ronacher@active-4.com> wrote:
> Hi,
>
> On 8/8/11 4:20 PM, Ishbir Singh wrote:
>> I had a few questions about the session object used in Flask. First, I
>> know that what it does is store an encrypted cookie on the user's side
>> which contains the user's session id. But, how do I change the domain of
>> this cookie so that it persists across sub-domains?
> By setting the SERVER_NAME config key.

To expand on this:

If your domain is example.com, set SERVER_NAME to 'example.com' for
use across domain1.example.com, domain2.example.com, ....  This
presents a challenge in development, because you cannot have
subdomains on localhost.  See the "More on SERVER_NAME" callout in the
linked doc:

http://flask.pocoo.org/docs/config/#builtin-configuration-values

Personally, I use a domain with a DNS record that points to 127.0.0.1,
and set that as my SERVER_NAME.


>> Secondly, as far as
>> I know (I could be wrong), Flask stores sessions as a file on the server
>> side. Can I change this behaviour so that the sessions persist across
>> multiple servers? For example, store it in a database like MongoDB?
> Flask stores the sessions on the client and cryptographically signs them
> to avoid tempering.  Flask 0.8 introduces pluggable session backends
> which you can use to store the data in a server-side session store if
> you really have to.

... and to reiterate, Flask does not save sessions on the server.

Hope this helps,

Ron

Re: Question about Sessions

From:
Ishbir Singh
Date:
2011-08-08 @ 14:22 
Sorry for the second email, but I also want the CSRF tokens and all used in
Flask-WTForms to persist across servers. I'm assuming they use sessions.


On 8 August 2011 19:50, Ishbir Singh <webmaster@ishbir.com> wrote:

> Hello,
>
> I had a few questions about the session object used in Flask. First, I know
> that what it does is store an encrypted cookie on the user's side which
> contains the user's session id. But, how do I change the domain of this
> cookie so that it persists across sub-domains? Secondly, as far as I know (I
> could be wrong), Flask stores sessions as a file on the server side. Can I
> change this behaviour so that the sessions persist across multiple servers?
> For example, store it in a database like MongoDB?
>
> What I am doing is, I have a website, which is basically a frontend and it
> does basic actions (user interface). On the backend lie 3 servers which
> handle the main stuff. I know how to route requests to a server and that is
> not an issue. However, I want the other servers to check if the user is
> logged in, get user details etc.
>
> Any help?
>
> Regards,
> Ishbir Singh
>
>


-- 
Regards,
Ishbir Singh

Archives based on code by Armin Ronacher //