Remove HTTP args processing? #13858
Unanswered
bryevdv
asked this question in
Internals and design (Q&A)
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Prompted by looking up some old code for this discussion: https://discourse.bokeh.org/t/sessions-reused-when-behind-iis-proxy/11501
Specifically:
Do we need three separate mechanisms for this? Can we drop HTTP arg processing for session ids and insist that it only be sent in an actual request header or token? I would have been worried about
server_session
but as a matter of fact it was already updated to use the request headers at some point: https://github.com/bokeh/bokeh/blob/branch-3.5/src/bokeh/embed/server.py#L233 Is there some other usage in Bokeh, or for users, that demands an HTTP args approach?For that matter, is there any way we could we drop all HTTP args? IIRC the processing and handling of these is quite gorpy and complicated.
cc @bokeh/dev
Beta Was this translation helpful? Give feedback.
All reactions