Added support for storing Sessions in MongoDB #149

Closed
wants to merge 3 commits into
from

3 participants

@brownhead

Added MongoStore to web.session to support storing sessions in a MongoDB collection. Added appropriate doctests as well (as long as you have MongoDB running and pymongo installed things should run fine). Modified Session class to support user-defined session id creation and validation in order to take advantage of MongoDB's ObjectId object, but should be generic enough to be useful for other stores as well. Also made 'cosmetic' changes in a few places in the two files I was working in.

Tried to follow your style conventions. Hopefully I did alright.

@brownhead brownhead Added MongoStore to web.session to support storing sessions in a MongoDB
collection. Added appropriate doctests as well (as long as you have MongoDB
running and pymongo installed things should run fine). Modified Session class
to support user-defined session id creation and validation in order to
take advantage of MongoDB's ObjectId object, but should be generic enough to
be useful for other stores as well. Also made 'cosmetic' changes in a few
places.
da8ee1f
@aaronsw

Looks good to me. @anandology?

@anandology
@brownhead brownhead Added randomly generating ObjectIds in the doctest and in the example…
… code

provided for the MongoStore class. I did this to avoid an obvious Session
Token Hijacking attack.
e0671b6
@brownhead

I was initially going to do that rather than sending a pull request but I changed my mind once I realized I had to modify the Session class in order to get this working. Note I could have done it without modifying the Session class but it would have been much less efficient. You could pull only the session class modification?

Also, I realized the method I had chosen to show in the example and doctest created the session tokens very predictably by default so I committed a small change to correct this.

@brownhead brownhead closed this Dec 3, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment