One issue which can cause problems with applications is the way session modules send cookies. When writing a normal CGI application which simply prints information to the client's web browser you must send the HTTP header information to the web browser before the main body of the web page. Once the browser receives two carriage return characters \n\n
it knows that the information that follows is a web page and not more HTTP headers. This is why you always print Content-type: text/html\n\n
before printing <html> etc
.
The session handling module also prints HTTP headers to set cookie information and so it is important that the session handling code appears before you send the \n\n
characters to your browser otherwise the page may not display correctly. This is often hard to spot in application environments like mod_python or the WSGI where header information is separated from page content. If you have problems with the session code because pages are not displaying correctly check the headers are being sent correctly.
Of course the web.session
module allows you to disable this automatic cookie header printing and handle the cookie headers in the way your application wants. This is described in the section Custom Cookie Handling
later on in the documentation.