1
session = get_current_session()
a1 = session.has_key('account.logged') # is true
session2 = Session(sid=session.sid)
a2 = session2.has_key('account.logged') # is false

why a2 is not equal to a1?

solution: it must be saved to datastore: How to get current session with only the SID?

Community
  • 1
  • 1
Totty.js
  • 15,563
  • 31
  • 103
  • 175

1 Answers1

1

Good question. Retrieving a session by session ID (SID) requires that the session be stored on the server (either in memcache or the datastore). By default, gae-sessions only stores the session in a secure client-side cookie. This is much faster than storing it to the datastore or even memcache (see the performance comparison section at the bottom of this article).

If you want to retrieve a session by SID, then you have to force the session to be stored on the server. You can do this by either turning off cookie-only sessions (only recommended if you need to retrieve by SID often) or by forcing a particular session to be stored server-side (by passing persist_even_if_using_cookie=True to save()). More details here.

David Underhill
  • 15,896
  • 7
  • 53
  • 61
  • "By default, gae-sessions only stores the session in a secure client-side cookie." I have my doubts, but how secure is it? I don't trust nothing on client. – Totty.js Nov 10 '10 at 22:43