Christopher Ramírez

Reputation: 1720

Change cookies path in webapp2

I'm using the webapp2 sessions lib on App Engine. In my app the default path for cookies is /, but I want a special cookie to be valid only on /api/.*. The set_cookie method does not allow specifying the configuration for the new cookie, only the name and backend of the cookie. I also didn't find a way to change the path after creating the cookie.

from webapp2_extras import sessions


sessions_store = sessions.get_store(request=self.request)
special_cookie = sessions_store.get_session(name='special_cookie', backend='securecookie')

... # change ``special_cookie`` path ? how?

Thanks!

Upvotes: 1

Views: 1218

Answers (2)

Ken Kinder

Reputation: 13140

You aren't using cookies, you're using session data. That's entirely different. Cookies are stored in the browser; sessions are stored in the server. Because the idea of a session is that it's site-wide, you'll have to manually implement whatever path-specific logic you have in mind.

If you want to use an actual cookie with a specific path, that's easy and documented in the web2py docs:

response.cookies['mycookie'] = 'somevalue'
response.cookies['mycookie']['expires'] = 24 * 3600
response.cookies['mycookie']['path'] = '/'

What's the difference between a session and a cookie? A cookie is a single chunk of information stored on the browser. So for example, if you want to keep track of shopping cart contents, plus font size preference, you might store several cookies, like so:

  • SHOPPING_CART: Item1,Item2,Item3
  • FONT_SIZE: 12pt
  • NAME: Fred

Each of those variables would be stored in the browser with cookies. With a session, you only store one piece of information in the browser, a session_id:

  • SESSION_ID: 56a3y678

Then on the server side, you'll have a session database that might look like this:

| SESSION_ID | KEY           | VALUE             |
|------------|---------------|-------------------|
| 56a3y678   | shopping-cart | Item1,Item2,Item3 |
| 56a3y678   | font-size     | 12pt              |
| 56a3y678   | name          | Fred              |

Storing information like this server side has a number of advantages. For one, you can store more information than the browser might let you. Also, because the server maintains its own database, you can trust it more safely; while a cookie of is_admin_user could not be trusted, a session variable could, generally.

The downside, obviously, is that instead of relying on the browser to keep everything updated, you're relying on your server software. So for example, if you have 10 web servers and users rotate between them, they all must talk to the same session database in order to work right.

Upvotes: 4

Maxim

Reputation: 1803

By default, the SessionStore class is instantiated using the default configuration options, where path for cookie_args is set to '/'.

If you want your cookie to have a different path, e.g. /api, you will want to create your own instance of the SessionStore class. It can be instantiated with overridden configuration values. This way you can have a session store that is valid only for the specified path.

Upvotes: 1
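
Added example, not part of the answers above or of webapp2's own code: a second SessionStore built with an overridden cookie_args path, as the last answer describes, plus a standard-library check of the resulting Set-Cookie attributes and of which request paths a browser would send the cookie on. The secret, the cookie value and the helper names (api_session_store, set_cookie_header, path_matches) are assumptions.

```python
# Added example. Secret, cookie value and helper names are placeholders/assumptions.
from http.cookies import SimpleCookie

try:  # webapp2 is only needed by api_session_store()
    from webapp2_extras import sessions
except ImportError:
    sessions = None

# Keys follow webapp2_extras.sessions.default_config.
API_SESSION_CONFIG = {
    "secret_key": "REPLACE-WITH-RANDOM-SECRET",  # placeholder, never hard-code
    "cookie_args": {"path": "/api", "secure": True, "httponly": True},
}


def api_session_store(request):
    """Separate SessionStore whose cookies carry Path=/api instead of '/'."""
    return sessions.SessionStore(request, config=API_SESSION_CONFIG)


def set_cookie_header(name, value, cookie_args):
    """Render the Set-Cookie value that these cookie_args produce."""
    jar = SimpleCookie()
    jar[name] = value
    for attr, setting in cookie_args.items():
        jar[name][attr] = setting
    return jar[name].OutputString()


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match: is the cookie sent for this path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix must end on a path-segment boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


if __name__ == "__main__":
    args = API_SESSION_CONFIG["cookie_args"]
    print(set_cookie_header("special_cookie", "constructed-value", args))
    for path in ("/api", "/api/items", "/apiv2/items", "/"):
        print(path, path_matches(path, args["path"]))
```

In a handler, call get_session(name='special_cookie', backend='securecookie') on the store returned by api_session_store(self.request), and call its save_sessions(self.response) before the response is sent.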
