A) Problem statement:
Setting the session backend to datastore will not work properly because every
call to auth.get_user_by_session() causes a put() to the datastore of the
session entity even if you didn't modify the session values.
That's caused because a call to auth.get_user_by_session() makes a call to
auth.get_session_data(pop=True). Pop=True will indeed pop the _user from the
session dict object (SessionDict from the webapp2_extras.sessions) which causes
the session to get the attribute modified to True.
Therefore when the handler completes it's tasks a call to save_session in the
handler dispatch method will check if the session was modified and if True
(which always is TRUE!!!) will do the put to the datastore.
B) What is the expected output? What do you see instead?
If you don't modify the user attributes don't make a RPC put to the datastore.
C) What version of the product are you using? On what operating system?
last version. The default in webapp2. This happens in debug mode and even in
production.
D) Please provide any additional information below.
This also happens with secure_cookie backend but it's not a problem because
it's not a RPC call.
E) Links to the source code:
https://webapp-improved.appspot.com/_modules/webapp2_extras/auth.html#Auth.get_u
ser_by_session
https://webapp-improved.appspot.com/_modules/webapp2_extras/sessions.html#Sessio
nDict
https://webapp-improved.appspot.com/_modules/webapp2_extras/appengine/sessions_n
db.html#DatastoreSessionFactory
Original issue reported on code.google.com by jandro.c...@gmail.com on 26 Feb 2015 at 11:01
Original issue reported on code.google.com by
jandro.c...@gmail.comon 26 Feb 2015 at 11:01