Edgewall Software

Changes between Version 2 and Version 3 of TracDev/TracSession


Ignore:
Timestamp:
Feb 23, 2016, 8:15:54 PM (4 years ago)
Author:
figaro
Comment:

Cosmetic changes

Legend:

Unmodified
Added
Removed
Modified
  • TracDev/TracSession

    v2 v3  
    1 = Session =
     1= Session
    22
    33A session is a stateful abstraction over the stateless HTTP protocol. Basically, repeated requests from the same user / computer form a session. Per-session state is needed to remember essential information like:
    4  * If the user is logged in
    5  * The user's authentication details
    6  * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences]
     4 * Whether the user is logged in.
     5 * The user's authentication details.
     6 * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences].
     7
    78This is commonly implemented using cookies.
    89 
    9 == Session user interface ==
     10== Session user interface
    1011
    1112In Trac's [/prefs/advanced Advanced Preferences] the user can save a session key and restore his session from a different computer.
    1213
    13 == Session administration ==
     14== Session administration
    1415
    1516Session keys can also be managed using the [wiki:TracAdmin#FullCommandReference TracAdmin] ''session'' commands.
    1617
    17 == Session API ==
     18== Session API
    1819
    1920[source:trunk/trac/web/session.py trac.web.session.Session] provides an API to save arbitrary per-session data.
     
    2122The session for the current web request can be accessed in {{{req.session}}}.
    2223
    23 == Session storage in the Database ==
     24== Session storage in the Database
    2425
    25 The per-session data is stored in the database. Specifically in the `session` and the `session_attribute`  [wiki:TracDev/DatabaseSchema tables]. (The session key / cookie identifies the relevant entries in these tables.)
     26The per-session data is stored in the database. Specifically in the `session` and the `session_attribute`  [wiki:TracDev/DatabaseSchema tables]. The session key / cookie identifies the relevant entries in these tables.
    2627
    27 Note: as we often manipulate both the `session` and the `session_attribute` tables, there's a possibility of table deadlocks (#9705). We try to prevent them to happen by always accessing the tables in the same order within the transaction, first `session`, then `session_attribute`.
     28Note: as we often manipulate both the `session` and the `session_attribute` tables, there's a possibility of table deadlocks (#9705). We try to prevent them by always accessing the tables in the same order within the transaction: first `session`, then `session_attribute`.
    2829
    29 == Session cookie ==
     30== Session cookie
    3031
    3132The session key is stored in the ''trac_session'' cookie.
    3233
    33 == Authentication cookie ==
     34== Authentication cookie
    3435
    35 The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. (The cookie identifies the relevant entry in that table.)
     36The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. The cookie identifies the relevant entry in that table.
    3637
    3738The lifetime and the path of this cookie can be configured in [wiki:TracIni#trac-section trac.ini] with ''auth_cookie_lifetime'' and ''auth_cookie_path''.