Webware for Python

> In previous versions of webware (0.8.1), when a session expires the
 > method Application.handleInvalidSession() was called, which basically
 > removes the _SID_ reference so the browser will stop requesting an
 > invalid session, and marks request._sessionExpired. So, I could ask
 > for the variable request._sessionExpired to realize whether or not
 > this request originally contained an expired session. ...
 > Now, in webware 0.9.1, the method Application.handleInvalidSession()
 > has disappear and no one updates the _sessionExpired attribute of the
 > request.

You're right. I found that Application.handleInvalidSession() was 
removed in March 2003 when Ian made a big rewrite of the Application 
module putting things into URLParser, Request and Response. It seems he 
forgot to reimplement handleInvalidSession().

The method isSessionExpired() returning the attribute _sessionExpired is 
still there, but it is not set anywhere.

Also, I found that the 'IgnoreInvalidSession' setting is not evaluated 
at all thought it is still documented in the config guide. The intent 
was that you get an error when this parameter is set to True, otherwise 
you have to check isSessionExpired() on your own. However, sessions are 
now always silently recreated when they expire. Neither _sessionExpired 
is set nor an error page is returned.

I have just checked in a small patch for setting _sessionExpired again.

I will also try to reimplement returning an error page for expired 
sessions if IgnoreInvalidSession=False (the default is True). Maybe 
instead of sending an error page, we should simply send a 408 Request 
Timeout error?

-- Christoph

> I will also try to reimplement returning an error page for expired 
> sessions if IgnoreInvalidSession=False (the default is True). Maybe 
> instead of sending an error page, we should simply send a 408 Request 
> Timeout error?

I have fixed it that way now, but sending "401 Session Expired" instead 
of "408 Request Timeout" since the latter is interpreted by Firefox 
differently (namely in the way it was actually intended). I think 401 is 
the proper error message for an expired session.

Thanks to Niurka for reporting that bug just in time before the final 
0.9.2 release. If there are any other bugs, please let me know.

-- Christoph

Christoph Zwerschke a =E9crit :
>> I will also try to reimplement returning an error page for expired=20
>> sessions if IgnoreInvalidSession=3DFalse (the default is True). Maybe=20
>> instead of sending an error page, we should simply send a 408 Request=20
>> Timeout error?
>>    =20
>
> I have fixed it that way now, but sending "401 Session Expired" instead=
=20
> of "408 Request Timeout" since the latter is interpreted by Firefox=20
> differently (namely in the way it was actually intended). I think 401 i=
s=20
> the proper error message for an expired session.
>
> Thanks to Niurka for reporting that bug just in time before the final=20
> 0.9.2 release. If there are any other bugs, please let me know.
>
>  =20
Hi
Is your fix available in the 0.9.2 beta? I'd like to test it...
Thanks

sophana a écrit:
> Is your fix available in the 0.9.2 beta? I'd like to test it...

The expired sessions fix has been added after the beta release, so you 
need to get it from the SVN. You can simply replace Application.py and 
HTTPExceptions.py in the WebKit folder from here: 
http://svn.w4py.org/Webware/trunk/WebKit/

If there are no objections, I'd like to release 0.9.2 with his fix 
without another beta. So if you could test it also, that would be good.

-- Chris