cherrypy-users Google Group

Re: [cherrypy-users] Re: sessions/cookies

arna...@gmail.com (Arnar Birgisson) — Sun, 07 Sep 2008 15:29:57 UT

Why? The mechanism to read and set cookies is there in JS, there's
nothing wrong with using it.
There is absolutely no restriction that says you can pass only one
variable in the result. Packing up a lot of data in a string and then
parsing it is quite common practice. I'd recommend using JSON, as
parsing it on the client side requires nothing more than a call to

Re: [cherrypy-users] Re: sessions/cookies

brahmafor...@gmail.com (arjuna) — Sun, 07 Sep 2008 14:45:53 UT

Hi Pawel:
If both client and server need to know the same shared state, then something
is probably wrong. I've never needed to access cookie data in the
javascript.
Normally I would just have passed the variable fro, the server to the client
as a straight variable. The complication is in using AJAX where I return one

RE: [cherrypy-users] Re: sessions/cookies

fuman...@aminus.org (Robert Brewer) — Sun, 07 Sep 2008 14:34:19 UT

Correct. If your implementation is noticeably slower because the client sends another header, then either 1) you need something faster, more persistent, and at a smaller grain than HTTP, or 2) you need to rearchitect your app to send fewer requests and larger messages. HTTP-the-protocol is optimized for fewer, larger messages, regardless of implementation. There's also 3) you haven't noticed anything yet because your optimization is premature. I'm leaning toward that one. ;)

Re: [cherrypy-users] Re: sessions/cookies

pstradom...@gmail.com (Paweł Stradomski) — Sun, 07 Sep 2008 13:52:44 UT

W liście arjuna z dnia niedziela, 7 września 2008:
Let's don't overestimate the problem.
Every request from the browser will contain the cookie. The response will only
contain it if it changes.
Also note, that you can not trust the data that comes from the cookie - it
should be treated as possibly malicious, just like data in the POST body and

Re: [cherrypy-users] Re: sessions/cookies

brahmafor...@gmail.com (arjuna) — Sun, 07 Sep 2008 04:15:36 UT

Folks:
Sorry if I sound simplistic, a bit of which I am, when it comes to thinking
about programming, correct me if i am wrong:
Sessions and cookies are both expensive in terms of resources. Sessions
should be avoided and turned off as much as possible
Say I have a user logged into my system. I store his user ID in a client

Re: 408 with v3.1 behind apache/mod_proxy

sylvain.hellegoua...@gmail.com (Sylvain Hellegouarch) — Sat, 06 Sep 2008 16:23:00 UT

FYI, it happens then: [link]

Re: 408 with v3.1 behind apache/mod_proxy

sylvain.hellegoua...@gmail.com (Sylvain Hellegouarch) — Sat, 06 Sep 2008 16:20:55 UT

FYI, I see the time out error consistently with CP 3.1 and httplib2
without any intermediary.

- Sylvain

Re: [cherrypy-users] lots of POST data

gir...@gmail.com (Eric Abrahamsen) — Sat, 06 Sep 2008 04:21:14 UT

It is indeed, using this config entry:
server.max_request_body_size =
Server config entries need to go under the global config namespace...
Yours,
Eric

Re: [cherrypy-users] Re: sessions/cookies

pstradom...@gmail.com (Paweł Stradomski) — Fri, 05 Sep 2008 22:14:00 UT

W liście Christian Wyglendowski z dnia piątek, 5 września 2008:
Well. AFAIK Rails only sign session cookies, but does not encyrpt them (as
opposed to ex. beaker, which can do both). This means the cookie can be read,
but not tampered with. The data in the cookie looks like garbage only because

lots of POST data

aoma...@gmail.com (Alexander Marks) — Fri, 05 Sep 2008 21:34:27 UT

I seem to be running into a size limit when I POST data. It seems to
be around 75MB. The client dies with "Connection reset by peer", and
CherryPy doesn't show any messages. Is this size limit something I can
tune?

Re: [cherrypy-users] Re: sessions/cookies

christ...@dowski.com (Christian Wyglendowski) — Fri, 05 Sep 2008 17:44:48 UT

It's a good idea to turn off sessions on your static-serving
subdirectories unless you absolutely need them.
That said, there are other reasons you wouldn't want to send the
session data in the actual cookie. You probably don't want someone
tampering with the data in the cookie and then sending it back. That

Re: [cherrypy-users] Re: sessions/cookies

t...@probo.com (Tim Roberts) — Fri, 05 Sep 2008 17:22:31 UT

basic_auth authentication has nothing to do with either cookies or
sessions. Remember that basic_auth works with straight HTML pages,
where there is no scripting at all. It is a separate, private
communication between the web server and the browser. There is no way
from the server side (that I am aware of) to force a basic_auth login to

Re: [cherrypy-users] Re: sessions/cookies

t...@probo.com (Tim Roberts) — Fri, 05 Sep 2008 17:16:59 UT

The answer is "half yes," not "BIG YES". Yes, you can read cookies from
Javascript. However, a session variable is stored within the CherryPy
process on the server side. It is not transmitted to the client. The
cookie is just a way for CherryPy to go find the stored session data for
this session

Re: sessions/cookies

hoteljo...@gmail.com (morecowbell) — Thu, 04 Sep 2008 17:39:51 UT

thanks for the quick reply.

very eductaed speculation. that works. i think i was assuming that cp
figures that out automatically,
just as rails does. my bad.
by itself. if i add tools.sessions.on i end up getting two "cookies"
a) the cookie generated by setCookie and
b) the cookie holding the session id

Re: [cherrypy-users] Re: sessions/cookies

brahmafor...@gmail.com (arjuna) — Fri, 05 Sep 2008 08:33:04 UT

The java in the previous post should read javascript