
Re: Fixes for sessions in r268


Author theslack
Full name Jack Neely
Date 2006-08-30 07:09:15 PDT
Message On 8/30/06, Pauline Middelink <middelink at polyware dot nl> wrote:
> Hi Jack,
>
> Wow, taken by surprise by the login changes. Slightly not
> happy about the change in passwd crypting, since my existing
> userbase now has a problem :(
>

I figured you'd say something. :-)

> But no worries, I switched to XML_RPC to login and get a
> session id, with which I can't do anything (yet)
>
> Attached some minor fixes to get the session stuff working.
>
> The changes in the tables already include my queueing stuff, but
> more essential is the change in SESSIONS.sid, since a sha digest
> is 40 chars wide, not 32. It took a while to see why my website
> could not login.

Oops..yeah the session code was originally written a few years back
when MD5 was all the rage. Now that MD5 hashes are easily brute
forced... :-)

>
> Could not get the self.__load to work in SessionUser.login, so
> I put the code right in. (all 2 lines)
>

You think I test things before I commit them! Methods with 2
underscores are considered private and Python mangles the name. I
just made it unprivate.

> Oh, and very important, when the session is ok, let's save it...
>

Thanks.

> I noticed there is no deletion of expired sessions, nor checking
> if the session is expired? We might want to do that before the
> SESSIONS table explodes :)
>

The sessions are cleaned every time save() is called.

> (when this is added to the svn, I will send the hardware/queue stuff,
> it works and might help other ppl to fill their hardware/installed
> tables)
>
> PS. Not sure about the table name, PROFILE_QUEUE or just QUEUE?
> PROFILE_QUEUE indicates neatly it belongs to PROFILE, but
> HARDWARE and INSTALLED should be changed too then.
>

*shrug* I'd go for QUEUE. I've used ACTIONQUEUE in stateengine, and
there's code there that implements multiple queues (one per client) in
SQL.

Jack

> Kind regards,
> Pauline Middelink
> --
> GPG Key fingerprint = 2D5B 87A7 DDA6 0378 5DEA BD3B 9A50 B416 E2D0 C3C2
> For more details look at my website http://www.polyware.nl/~middelink
>
>
>
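
The two bugs discussed in this message, reproduced as an added example that is not the project's code: a SHA-1 hex session id no longer fits a column sized for MD5, and a double-underscore method cannot be reached as `self.__load` from another class. Assumptions: the base class name `Session`, the placement of `__load` in that base class, the helper names, and a database that silently truncates over-long values.

```python
import hashlib
import os

SID_COLUMN_WIDTH = 32  # assumed old width, sized for MD5 hex digests


def new_sid(algorithm):
    """Return a hex session id: the named hash over fresh random bytes."""
    return hashlib.new(algorithm, os.urandom(32)).hexdigest()


def store_and_lookup(sid, width):
    """Mimic a table that truncates the sid to the column width on insert,
    then look the session up by the full sid the client sends back."""
    table = {sid[:width]: "session data"}
    return table.get(sid)


class Session:  # hypothetical base class
    def __init__(self):
        self.loaded = False

    def __load(self):  # stored on the class as _Session__load
        self.loaded = True

    def _load(self):  # single underscore: convention only, no mangling
        self.loaded = True


class SessionUser(Session):
    def login_mangled(self):
        # Compiled inside SessionUser, so this is self._SessionUser__load
        try:
            self.__load()
        except AttributeError as exc:
            return str(exc)
        return None

    def login_fixed(self):
        self._load()
        return self.loaded


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        sid = new_sid(algo)
        print(algo, len(sid), store_and_lookup(sid, SID_COLUMN_WIDTH))
    print(SessionUser().login_mangled())
    print(SessionUser().login_fixed())
```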
