Skip to content


Subversion checkout URL

You can clone with
Download ZIP
branch: master
Commits on Jan 23, 2013
  1. Merge pull request #38 from girasquid/patch-1

    Update README.markdown
Commits on Jan 14, 2013
  1. Merge pull request #36 from rjernst/master

    Fix for issue #31 (Can't run demo code in python2.7)
Commits on Dec 31, 2012
  1. @girasquid

    Update README.markdown

    girasquid authored
    Fixed indentation in sample
Commits on Aug 11, 2012
  1. @rjernst
Commits on Sep 30, 2011
  1. Merge pull request #29 from mdornseif/master

    PEP8 compliance
  2. @mdornseif

    PEP8 compliance

    mdornseif authored
Commits on Jul 14, 2011
  1. Django fix: don't crash if the middleware's process_request() is skip…

    …ped (e.g., by some other middleware)
Commits on Jul 3, 2011
  1. update README and docs to v1.07

  2. make gae-sessions thread-safe

    Previously, a global variable was used to store the session associated with the
    current request.  This was sufficient in the past (and to date) but sometime in
    the future app engine is going to support threading.  The minor change
    introduced by this commit ensures that gae-sessions will continue to work
    properly even when being used by multiple threads.
  3. bad data now generates a warning rather than raising an exception

    Bad data will result in an empty session being loaded.  Typically, this should
    only happen if the developer makes some changes to class names stored in old
    sessions (which can no longer be decoded as a result).
  4. simplify set_current_session

    The caller can build their own Session object with minimal effort.
  5. @darktable

    added set_current_session for situations where you manually create a …

    darktable authored committed
    …session object and want it to be auto-managed by the middleware
  6. @eliasnaur

    Added support for Django cache middleware.

    eliasnaur authored committed
    The gae-sessions middleware will set the Vary header in the response if
    the session has been accessed.
  7. Leave out expiry field from session cookies (Fixes session cookies on…

    Elias Naur authored committed
    … IE)
Commits on Dec 15, 2010
  1. @eliasnaur

    Added support for expiry time value 0, which means that the session c…

    eliasnaur authored Elias Naur committed
    …ookie will expire when the browser session ends.
Commits on Dec 12, 2010
  1. update README and docs to v1.06

  2. fix: set memcache expiration time to session expiration time

      -- didn't set any expiration in the past, so it would remain in memcache until the session was terminated or memcache evicted it
Commits on Oct 2, 2010
  1. update readme to describe new option to instruct the client browser t…

    …o only send cookies over SSL
Commits on Sep 28, 2010
Commits on Sep 27, 2010
  1. update README and docs to v1.05

  2. add new "SSL only" option which forces clients to ONLY send their coo…

    …kies over a secure channel by setting the "Secure" attribute on cookies
      -- this is not done by default; it is only done if the user explicitly passes ssl_only=True to Session.start()
Commits on Aug 17, 2010
  1. update README and docs to v1.04

  2. explicitly specify namespace for all datastore/memcache operations

      -- ensures session data is always stored and retrieved from the namespace '' (GAE 1.3.6 can set a different default namespace)
Commits on Jul 24, 2010
  1. update README and docs to v1.03

  2. compatability improvement: specify expiration times in GMT

      -- Internet Explorer discarded all cookies whose expirations were specified in PST when the browser was closed
      -- Internet Explorer now properly stores cookies (apparently it requires the time zone to be GMT)
  3. security: specify HttpOnly as part of the cookie header

      -- instructs browsers to not allow JavaScript to access this cookie
      -- session cookies are only processed server-side, so this helps prevent some XSS attacks
Commits on Jul 10, 2010
  1. update docs and demo to highlight a "gotcha" - don't dynamically gene…

    …rate your secret key or existing sessions will be invalidated every time your app runs!
Commits on Jun 15, 2010
  1. update README and docs to v1.02

  2. bug fix: db.delete() can only take up to 500 entities at a time

      -- old version could pass up to 1,000 entities (if that many existed in the datastore)
Commits on May 25, 2010
Something went wrong with that request. Please try again.