Is there a relatively easy way to save and restore the session store? I'd rather not use redis but dropping the session data is going to be a problem.
I also noticed this post from earlier this year about Rails style sessions which don't require server side storage. Is that approach any more feasible today?
Am 30.12.2015 um 07:43 schrieb Brad Anderson:
Is there a relatively easy way to save and restore the session store? I'd rather not use redis but dropping the session data is going to be a problem.
I also noticed this post from earlier this year about Rails style sessions which don't require server side storage. Is that approach any more feasible today?
Unfortunately nothing has happened in that regard so far. It somehow got
forgotten along the way. But I've today made a few quick changes to make
it possible to store the session data in a cookie, along with a proof of
concept CookieSessionStore. It just requires some breaking changes for
code that derives from SessionStore and it currently creates a rather
ugly cyclic dependency between the session and the HTTP server modules.
I'll push it to GitHub once I have worked out the latter issue.
On Mon, 4 Jan 2016 20:29:17 +0100, Sönke Ludwig wrote:
Am 30.12.2015 um 07:43 schrieb Brad Anderson:
Is there a relatively easy way to save and restore the session store? I'd rather not use redis but dropping the session data is going to be a problem.
I also noticed this post from earlier this year about Rails style sessions which don't require server side storage. Is that approach any more feasible today?
Unfortunately nothing has happened in that regard so far. It somehow got
forgotten along the way. But I've today made a few quick changes to make
it possible to store the session data in a cookie, along with a proof of
conceptCookieSessionStore. It just requires some breaking changes for
code that derives fromSessionStoreand it currently creates a rather
ugly cyclic dependency between the session and the HTTP server modules.
I'll push it to GitHub once I have worked out the latter issue.
Any developments on this? I'd prefer not to use Redis as it tends to be another daemon process I need to maintain.
What do you think of a file based session store? I think PHP/Apache uses something like that. Probably wouldn't be a bad idea to do the same?
On Mon, 4 Jan 2016 20:29:17 +0100, Sönke Ludwig wrote:
... to store the session data in a cookie
Very bad idea! It is unacceptable to mix session store and cookies, they are designed for different purposes.
Am 06.12.2016 um 16:11 schrieb Alexey Kulentsov:
On Mon, 4 Jan 2016 20:29:17 +0100, Sönke Ludwig wrote:
... to store the session data in a cookie
Very bad idea! It is unacceptable to mix session store and cookies, they are designed for different purposes.
There are some valid uses for simple applications. For example storing a
couple of small configuration settings (maybe a user-defined theme or
display mode, such as what the dlang.org forums allow).
On Mon, 19 Dec 2016 12:35:26 +0100, Sönke Ludwig wrote:
There are some valid uses for simple applications. For example storing a
couple of small configuration settings (maybe a user-defined theme or
display mode, such as what the dlang.org forums allow).
If the data can be placed in a cookie - let's do it without using additional layers, imitating session. Explicit best implicit.
In general, decisions like this are are typical for early php. The vast experience of php community proved erroneousness of such an approach. This causes security problems, without giving a real benefits in the code.
It is much better to provide file-based session.
