Re: Sessions without cookies for mobile sites
Thanks Michael, that sounds like exactly what I was looking for! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Sessions without cookies for mobile sites
davo schrieb: > For the record, django/mobile ended up in the 'too difficult' basket > due to the session difficulties, which is a shame because we were > digging it development-wise. I'd love to use it for the next pure web > app though - keep up the good work guys :) There is a thread in django-developers about sessions without cookies. Search for 'Stateless sessions'. There seems to be an almost working implementation. Perhaps you can do it together. Michael -- noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg - Tel +49-911-9352-0 - Fax +49-911-9352-100 http://www.noris.de - The IT-Outsourcing Company --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Sessions without cookies for mobile sites
For the record, django/mobile ended up in the 'too difficult' basket due to the session difficulties, which is a shame because we were digging it development-wise. I'd love to use it for the next pure web app though - keep up the good work guys :) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Sessions without cookies for mobile sites
Thanks for the reply Oliver, yep I've read it several times :) To clarify a little, I'm not having any problems with sessions themselves - everything (ie authentication, user registration, session tracking) is working fine. The problem I have is that django will only work on mobile devices that support cookies, and a lot of mobile devices don't. I want to use URL-based sessionIDs rather than cookie-based ones, and django deliberately doesn't support them. I was just wondering if anyone has any experience dealing with django/URL-based sessions & has any suggestions about how best to go about it, or should I just dive into django.contrib.sessions and try and get it working? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Sessions without cookies for mobile sites
Have you read http://www.djangobook.com/en/beta/chapter12/ ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Sessions without cookies for mobile sites
Have you read http://www.djangobook.com/en/beta/chapter12/ ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Sessions without cookies for mobile sites
Hi, I'm fairly new to Django (first post!) and have searched for a solution to this problem without finding anything useful - forgive me if this has been covered before. I'm currently working on a hybrid web/mobile app, and have hit a bit of a stumbling block because a lot of the phones on the Japanese market don't support cookies. "The Django sessions framework is entirely, and solely, cookie-based. It does not fall back to putting session IDs in URLs as a last resort, as PHP does. This is an intentional design decision. Not only does that behavior make URLs ugly, it makes your site vulnerable to session-ID theft via the "Referer" header." I understand the reasoning behind the above design decision (and i completely agree), but in this case URL-based sessions are a necessity (and are standard practice for mobile sites here, although I can't speak for the rest of the world). The risk of session-ID theft is unavoidable due to the limitations of current mobile devices. What would be the best way of implementing URL-based sessions? I've been looking at the contrib/sessions/ code, and am considering writing some custom middleware to try to deal with the problem, but I'm worried about the amount of work this may involve to get working. Has anyone else had any experience with url-based sessions, or have any pointers on a relatively painless way to go about it? I'm guessing building the session from a GET parameter wouldn't be too difficult, but re-writing all the links may be more troublesome. I'd like the whole thing to hook into request.user if possible, rather than creating a completely new session/authentication system. The main drawcard for me is Django's great templating setup, which looks like an easy way to serve XHTML/CHTML/HTML/HDML dependent on the phone model, but if I can't get around the session problem I might have to go back to PHP/XSLT (which I'd like to avoid if at all possible because I'm loving django so far). Any help/suggestions/advice would be much appreciated! thanks dave --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
