|Version 3 (modified by 4 years ago) ( diff ),|
A session is a stateful abstraction over the stateless HTTP protocol. Basically, repeated requests from the same user / computer form a session. Per-session state is needed to remember essential information like:
- Whether the user is logged in.
- The user's authentication details.
- The user's preferences.
This is commonly implemented using cookies.
Session user interface
In Trac's Advanced Preferences the user can save a session key and restore his session from a different computer.
Session keys can also be managed using the TracAdmin session commands.
The session for the current web request can be accessed in
Session storage in the Database
The per-session data is stored in the database. Specifically in the
session and the
session_attribute tables. The session key / cookie identifies the relevant entries in these tables.
Note: as we often manipulate both the
session and the
session_attribute tables, there's a possibility of table deadlocks (#9705). We try to prevent them by always accessing the tables in the same order within the transaction: first
The session key is stored in the trac_session cookie.
The trac.web.auth.LoginModule implements HTTP authentication and stores the trac_auth cookie to identify the user in subsequent requests. The credentials are stored in the auth_cookie database table. The cookie identifies the relevant entry in that table.
The lifetime and the path of this cookie can be configured in trac.ini with auth_cookie_lifetime and auth_cookie_path.