authorLawouach <sh@defuze.org>2015-07-19 21:08:42 +0200
committerLawouach <sh@defuze.org>2015-07-19 21:08:42 +0200
commit2a72821b1da34f43f1b55fd1d8d7d379aee92732 (patch)
tree62959d40b9dfb7494ec8d23ce2a433fdd2350d19
parent12cfcf78ce7f7d497e40a379e96083417c3d7858 (diff)
downloadcherrypy-2a72821b1da34f43f1b55fd1d8d7d379aee92732.tar.gz
fixes the session being generated again and again in this tutorial
-rw-r--r--docs/tutorials.rst13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/tutorials.rst b/docs/tutorials.rst
index 68f11f35..659353c8 100644
--- a/docs/tutorials.rst
+++ b/docs/tutorials.rst
@@ -766,6 +766,7 @@ So let's simply focus on the application code itself:
import random
import sqlite3
import string
+ import time
import cherrypy
@@ -782,6 +783,7 @@ So let's simply focus on the application code itself:
@cherrypy.tools.accept(media='text/plain')
def GET(self):
with sqlite3.connect(DB_STRING) as c:
+ cherrypy.session['ts'] = time.time()
c.execute("SELECT value FROM user_string WHERE session_id=?",
[cherrypy.session.id])
return c.fetchone()
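Review bot: `return c.fetchone()` at the end of GET calls `fetchone` on the `sqlite3.Connection` bound by the `with` statement, which has no such method, so the handler as shown would raise AttributeError instead of returning the stored string. The row has to be read from the cursor that `execute` returns: keep the result as `r = c.execute(...)` and finish with `return r.fetchone()`. The added `cherrypy.session['ts'] = time.time()` does not use the connection and would read more clearly above the `with` line, which is where the DELETE handler in the next hunk puts its session call. The enclosing class starts outside this hunk.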
@@ -789,16 +791,19 @@ So let's simply focus on the application code itself:
def POST(self, length=8):
some_string = ''.join(random.sample(string.hexdigits, int(length)))
with sqlite3.connect(DB_STRING) as c:
+ cherrypy.session['ts'] = time.time()
c.execute("INSERT INTO user_string VALUES (?, ?)",
[cherrypy.session.id, some_string])
return some_string
def PUT(self, another_string):
with sqlite3.connect(DB_STRING) as c:
+ cherrypy.session['ts'] = time.time()
c.execute("UPDATE user_string SET value=? WHERE session_id=?",
[another_string, cherrypy.session.id])
def DELETE(self):
+ cherrypy.session.pop('ts', None)
with sqlite3.connect(DB_STRING) as c:
c.execute("DELETE FROM user_string WHERE session_id=?",
[cherrypy.session.id])
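Review bot: POST passes the request-supplied `length` straight into `int(length)` and `random.sample(string.hexdigits, ...)` with no bounds check. A non-numeric value, a negative one, or anything above the 22 characters of `string.hexdigits` raises ValueError, which presumably surfaces as a server error rather than a client error. Tutorial code gets copied, so it is worth showing the check: convert once with `n = int(length)` inside a `try`/`except ValueError`, then `if not 0 <= n <= len(string.hexdigits): raise cherrypy.HTTPError(400)`. The class these handlers belong to starts outside the hunk.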
@@ -863,6 +868,14 @@ A better idea would be to associate the user's login or
more resilient unique identifier. For the sake of our
demo, this should do.
+.. important::
+
+ In this example, we must still set the session to a dummy value
+ so that the session is not `discarded <https://cherrypy.readthedocs.org/en/latest/pkg/cherrypy.lib.html?highlight=fixation#session-fixation-protection>`_
+ on each request by CherryPy. Since we now use the database
+ to store the generated string, we simply store a dummy
+ timestamp inside the session.
+
.. note::
Unfortunately, sqlite in Python forbids us