On Thursday, November 28, 2013 4:49:37 PM UTC, Douglas Fraser wrote:
Hi,
The website I deal with uses file based sessions, and there is no logging in of users or anything like that. Most of the time, no data is put into the session, and the session expiry time is not explicitly set in the code. I've set SESSION_COOKIE_AGE to 48 hours, and so I'd expect the session files to be deleted after 48 hours.
But "clearsessions" is not causing the old sessions to be deleted, and so I'm wondering if I overlooked something I should have implemented in the code etc. Should session.set_expiry always be explicitly called? SESSION_EXPIRE_AT_BROWSER_CLOSE is True, so I expected SESSION_COOKIE_AGE to act as the determining factor when session files would get deleted (when 'clearsessions' gets called)
But looking at the code for the admin 'clearsessions' command (base.py and file.py) and the code related to file based sessions, it seems SESSION_COOKIE_AGE will always get returned from get_expiry_age in this situation, and thus the check to see if the expiry_age is negative always fails, and so the file is never deleted
My gut says load() in django/contrib/sessions/backend/file.py needs to be a little more sophisticated in determining the actual age of the file relative to what is returned from get_expiry_age.
Or am I just wrong in assuming sessions ought to be cleaned up automatically in this case?
thanks
Doug
update: from the docs:
- set_expiry(value)
- If value is None, the session reverts to using the global session expiry policy.
Reading a session is not considered activity for expiration purposes. Session expiration is computed from the last time the session was modified.
get_expiry_age()
Returns the number of seconds until this session expires. For sessions with no custom expiration (or those set to expire at browser close), this will equal SESSION_COOKIE_AGE.
from these, I was led to believe SESSION_COOKIE_AGE determines when a session has expired, if the expiry is None
Doug
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/5ee186b1-49cc-4b0f-b2f3-8c59753ea5bb%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment