Wednesday, March 27, 2013

Re: Avoiding Sessions

Well, the intention of asking that Q was not to check any possible data-store alternatives but to understand the nuances of the cookie-based approach. I am not a great security expert when it comes to cookies and the limitations that it 'can' cause down the lane - and hence.

On Wed, Mar 27, 2013 at 7:28 PM, Shawn Milochik <shawn@milochik.com> wrote:

Use django-redis-sessions as a back end instead of the database.

On Mar 27, 2013 9:35 AM, "Venkatraman S" <venkat83@gmail.com> wrote:
So, if I am right, usage of sessions makes an extra call to the DB for every view with login_required.

SELECT "auth_user"."id", "auth_user"."password", "auth_user"."last_login", "auth_user"."is_superuser", "auth_user"."username", "auth_user"."first_name", "auth_user"."last_name", "auth_user"."email", "auth_user"."is_staff", "auth_user"."is_active", "auth_user"."date_joined" FROM "auth_user" WHERE "auth_user"."id" = 3
   
..app\debug_toolbar\utils\tracking/db.py in execute(118)
  stacktrace = tidy_stacktrace(reversed(get_stack()))

I do not want to be finicky about this 'extra' DB call, but was wondering if someone has used the cookie-based approach and has avoided sessions altogether. I just wanted to understand the implications on security and what I need to be aware of when using cookies in this way. Any experiences?

-Venkat
http://twitter.com/venkasub

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
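
An added example, not part of the thread and not Django's own code: a simplified HMAC-signed cookie session in standard-library Python, illustrating the security properties the question asks about. The key, lifetime, function names and cookie layout are assumptions made for illustration; user id 3 is taken from the query quoted above.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # constructed sample value, an assumption
MAX_AGE = 14 * 24 * 3600              # assumed cookie lifetime in seconds

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body):
    return _b64(hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest())

def dump_session(data, now):
    """Build the cookie value 'body.signature'; all state lives in the cookie."""
    body = _b64(json.dumps({"data": data, "iat": now}, sort_keys=True).encode())
    return body + "." + _sign(body)

def load_session(cookie, now):
    """Return the session dict, or None if the cookie is forged or too old."""
    body, _, sig = cookie.rpartition(".")
    if not body or not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    payload = json.loads(_unb64(body))
    if now - payload["iat"] > MAX_AGE:
        return None
    return payload["data"]

def peek_without_key(cookie):
    """What anyone holding the cookie can read: signing is not encryption."""
    return json.loads(_unb64(cookie.split(".")[0]))["data"]

def forge_user(cookie, user_id):
    """A client edits the payload but cannot recompute the signature."""
    sig = cookie.rpartition(".")[2]
    body = _b64(json.dumps({"data": {"user_id": user_id}, "iat": 0}).encode())
    return body + "." + sig

if __name__ == "__main__":
    cookie = dump_session({"user_id": 3}, now=1000)   # constructed sample session
    print(peek_without_key(cookie))                   # readable without the key
    print(load_session(forge_user(cookie, 1), 1000))  # tampering is rejected
    print(load_session(cookie, now=1000 + 3600))      # a saved copy still loads later
    print(load_session(cookie, now=1000 + MAX_AGE + 1))  # only expiry ends it
```

Because the server keeps no record of issued cookies, deleting the cookie in the browser at logout does not invalidate a copy saved elsewhere; it stays valid until it ages out or the signing key is rotated.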
 
 
