…ped (e.g., by some other middleware)
Previously, a global variable was used to store the session associated with the current request. This was sufficient in the past (and to date) but sometime in the future app engine is going to support threading. The minor change introduced by this commit ensures that gae-sessions will continue to work properly even when being used by multiple threads.
Bad data will result in an empty session being loaded. Typically, this should only happen if the developer makes some changes to class names stored in old sessions (which can no longer be decoded as a result).
…session object and want it to be auto-managed by the middleware
…ookie will expire when the browser session ends.
-- didn't set any expiration in the past, so it would remain in memcache until the session was terminated or memcache evicted it
…o only send cookies over SSL
…kies over a secure channel by setting the "Secure" attribute on cookies -- this is not done by default; it is only done if the user explicitly passes ssl_only=True to Session.start()
-- ensures session data is always stored and retrieved from the namespace '' (GAE 1.3.6 can set a different default namespace)
-- Internet Explorer discarded all cookies whose expirations were specified in PST when the browser was closed -- Internet Explorer now properly stores cookies (apparently it requires the time zone to be GMT)
…rate your secret key or existing sessions will be invalidated every time your app runs!
-- old version could pass up to 1,000 entities (if that many existed in the datastore)