Cookie Based SID
A cookie-based session has the advantage that it lasts until the cookie expires and, because only the SID travels over the network, it is faster and safer. The disadvantage is that the client must have cookies enabled.
The only thing particular to a cookie used to set a session is its value:
    # The sid will be a hash of the server time
    sid = sha.new(repr(time.time())).hexdigest()
The hash of the server time makes a unique SID for each session.
    #!/usr/bin/env python
    import sha, time, Cookie, os

    cookie = Cookie.SimpleCookie()
    string_cookie = os.environ.get('HTTP_COOKIE')

    # If new session
    if not string_cookie:
        # The sid will be a hash of the server time
        sid = sha.new(repr(time.time())).hexdigest()
        # Set the sid in the cookie
        cookie['sid'] = sid
        # Will expire in a year
        cookie['sid']['expires'] = 12 * 30 * 24 * 60 * 60
    # If already existent session
    else:
        cookie.load(string_cookie)
        sid = cookie['sid'].value

    print cookie
    print 'Content-Type: text/html\n'

    print '<html><body>'

    if string_cookie:
        print '<p>Already existent session</p>'
    else:
        print '<p>New session</p>'
        print '<p>SID =', sid, '</p>'
    print '</body></html>'
On every page, the existence of the cookie must be tested. If it does not exist, redirect to a login page, or just create it if a login or a previous state is not required.
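The SID is the only secret protecting the session, and the server time is guessable, so a hash of it is guessable too. As an added example (not the page's own code, and written for Python 3 rather than the page's Python 2), here is the same flow with a SID drawn from the OS random generator, restrictive cookie attributes, and the per-page existence test described above. The function names and the `known_sids` set, which stands in for a server-side session store, are assumptions made for illustration.

```python
import re
import secrets
from http.cookies import CookieError, SimpleCookie

SID_BYTES = 32                             # 256 bits from the OS CSPRNG
SID_PATTERN = re.compile(r"[0-9a-f]{64}")  # exact shape of token_hex(32)
MAX_AGE = 12 * 30 * 24 * 60 * 60           # same lifetime as the page's cookie


def new_sid():
    """Return an unguessable SID instead of a hash of the server time."""
    return secrets.token_hex(SID_BYTES)


def build_session_cookie(sid):
    """Build the session cookie with restrictive attributes."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["max-age"] = MAX_AGE
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True     # assumes the site is served over HTTPS
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["samesite"] = "Lax"  # withheld from cross-site subrequests
    return cookie


def sid_from_header(http_cookie):
    """Return the SID from an HTTP_COOKIE value, or None if absent/malformed."""
    if not http_cookie:
        return None
    cookie = SimpleCookie()
    try:
        cookie.load(http_cookie)
    except CookieError:
        return None
    morsel = cookie.get("sid")
    if morsel is None or not SID_PATTERN.fullmatch(morsel.value):
        return None
    return morsel.value


def handle_request(http_cookie, known_sids):
    """Per-page test: reuse a known SID, otherwise issue a fresh one."""
    sid = sid_from_header(http_cookie)
    if sid is not None and sid in known_sids:
        return sid, None               # existing session, no new cookie
    sid = new_sid()                    # never adopt a client-chosen SID
    known_sids.add(sid)
    return sid, build_session_cookie(sid).output()
```

A well-formed SID that the server never issued is treated as a new session and replaced, so a client cannot choose its own SID.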