Changes between Version 2 and Version 3 of TracDev/TracSession
Timestamp: Feb 23, 2016, 8:15:54 PM (8 years ago)
TracDev/TracSession
v2 v3 1 = Session =1 = Session 2 2 3 3 A session is a stateful abstraction over the stateless HTTP protocol. Basically, repeated requests from the same user / computer form a session. Per-session state is needed to remember essential information like: 4 * If the user is logged in 5 * The user's authentication details 6 * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences] 4 * Whether the user is logged in. 5 * The user's authentication details. 6 * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences]. 7 7 8 This is commonly implemented using cookies. 8 9 9 == Session user interface ==10 == Session user interface 10 11 11 12 In Trac's [/prefs/advanced Advanced Preferences] the user can save a session key and restore his session from a different computer. 12 13 13 == Session administration ==14 == Session administration 14 15 15 16 Session keys can also be managed using the [wiki:TracAdmin#FullCommandReference TracAdmin] ''session'' commands. 16 17 17 == Session API ==18 == Session API 18 19 19 20 [source:trunk/trac/web/session.py trac.web.session.Session] provides an API to save arbitrary per-session data. … … 21 22 The session for the current web request can be accessed in {{{req.session}}}. 22 23 23 == Session storage in the Database ==24 == Session storage in the Database 24 25 25 The per-session data is stored in the database. Specifically in the `session` and the `session_attribute` [wiki:TracDev/DatabaseSchema tables]. (The session key / cookie identifies the relevant entries in these tables.)26 The per-session data is stored in the database. Specifically in the `session` and the `session_attribute` [wiki:TracDev/DatabaseSchema tables]. The session key / cookie identifies the relevant entries in these tables. 26 27 27 Note: as we often manipulate both the `session` and the `session_attribute` tables, there's a possibility of table deadlocks (#9705). 
We try to prevent them to happen by always accessing the tables in the same order within the transaction,first `session`, then `session_attribute`.28 Note: as we often manipulate both the `session` and the `session_attribute` tables, there's a possibility of table deadlocks (#9705). We try to prevent them by always accessing the tables in the same order within the transaction: first `session`, then `session_attribute`. 28 29 29 == Session cookie ==30 == Session cookie 30 31 31 32 The session key is stored in the ''trac_session'' cookie. 32 33 33 == Authentication cookie ==34 == Authentication cookie 34 35 35 The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. (The cookie identifies the relevant entry in that table.)36 The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. The cookie identifies the relevant entry in that table. 36 37 37 38 The lifetime and the path of this cookie can be configured in [wiki:TracIni#trac-section trac.ini] with ''auth_cookie_lifetime'' and ''auth_cookie_path''.
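Review bot: In the "Session storage in the Database" paragraph (v3 line 26), "Specifically in the `session` and the `session_attribute` tables." is still a sentence fragment. Since this revision already drops the parentheses from the sentence that follows it, fold the fragment into the preceding sentence, for example "The per-session data is stored in the database, specifically in the `session` and `session_attribute` tables." In the "Authentication cookie" paragraph (v3 line 36), "The credentials are stored in the ''auth_cookie'' table" is carried over unchanged and does not say what the table actually holds; stating which values are kept there would let an administrator judge how sensitive that table is. Two smaller points: the added sentence "This is commonly implemented using cookies." (v3 line 8) could link to the "Session cookie" section further down, and "restore his session" in the user interface section could read "restore their session".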