gae-sessions provides a fast, lightweight Sessions middleware for Google App Engine using memcache+datastore for Python. See the readme for more information about the project and how to use it.
- Add support for expiring cookie sessions when the browser closes.
- Add the Vary header when appropriate (enables users to also use Django cache middleware).
- Thanks to Elias Naur for providing the patch for both of the above improvements.
- gae-sessions is now thread-safe.
- Thanks to Sylvain for suggesting this.
- Corrupt session data is now handled more gracefully.
- Thanks to Chris for suggesting a patch to accomplish this.
- Thanks to Calvin for the initial implementation of this method.
- memcache keys associated with sessions now expire when the associated session expires.
- In the past, they would remain until memcache evicted them.
- Thanks to Anton for reporting this issue.
Issue #10 / Add new option which instructs the client to only send session cookies over a secure channel.
- Thanks to msmart for suggesting this.
Issue #8 / GAE 1.3.6 compatibility: explicitly specify namespace for all datastore/memcache operations.
- Thanks to owebeeone for suggesting this.
- This ensures session data is always stored and retrieved from the same namespace.
- Compatibility fix: Internet Explorer no longer discards gae-sessions cookies when the browser is closed.
- Apparently, IE requires cookie expirations to be specified in GMT (v1.02 specified them in PST).
- Security improvement: gae-sessions’ cookies now specify
- Bug fix: The sessions cleanup method would fail if there were >500 expired sessions.
DjangoSessionMiddleware – enable Django users to use gae-sessions.
- Secure cookies are now used for small sessions. This is 10-100x faster!
- This feature may disabled by passing
- Pickle format v2 is now used. This improves performance a bit.
- Added significant tests to automatically verify correctness as best as possible.
- Expiration times are now specified as UNIX timestamps (instead of datetime objects).
memcache_only option is now called
- Several other minor code improvements.
- Added a
memcache_only option (defaults to False).
SessionMiddleware.__init__() now takes configuration parameters (see the readme for details).
- In the past, you had to edit the source to change the configuration.
- Performance fix: if
set_quick() was called multiple times, data might be persisted to the datastore unnecessarily.
regenerate_id() and documented it in the readme.
- Fixed a regression in v0.7 which caused old session data to be deleted when changing session IDs.
set_quick() now starts a new session if one isn’t currently active – just like
- Documentation strings have been improved
- Support has been added for generating documentation via sphinx.
- Session data is now lazily loaded. If you don’t read/write it, no overhead is added.
- Expiration date handling has been improved.
- Starting in v0.5, expiration time is in the sid, so there is no need to also store it in the session data.
clear() method to Session.
- Cleanly handle bogus cookies which specify session ID to be the empty string.
- Session data can now be retrieved manually (via session ID).
Issue #2 : added support for cleaning up expired sessions from the datastore.
- Added a demo cronjob which uses the provided cleanup function to remove expired sessions daily.
- Fix regression in v0.04 which caused the datastore to never be used (oops).
- Added support for “quick” methods which only save changes to memcache (avoiding a datastore put).
- Added a new demo which uses Google Accounts for authentication.
- The original demo now works regardless of what port the development server is running on.
- Cleanly handle any
db.delete() failure (could occur if the datastore goes into read-only mode, etc.)
Issue #1 : A license is now specified (Apache License v2).