Thursday, November 28, 2013

Re: Problem with clearsession admin command and file based sessions

On Thu, Nov 28, 2013 at 5:10 PM, Douglas Fraser <dr.fraser@gmail.com> wrote:
>
>
> On Thursday, November 28, 2013 4:49:37 PM UTC, Douglas Fraser wrote:
>>
>> Hi,
>>
>> The website I deal with uses file based sessions, and there is no
>> logging in of users or anything like that. Most of the time, no data is put
>> into the session, and the session expiry time is not explicitly set in the
>> code. I've set SESSION_COOKIE_AGE to 48 hours, and so I'd expect the
>> session files to be deleted after 48 hours.
>>
>> But "clearsessions" is not causing the old sessions to be deleted, and so
>> I'm wondering if I overlooked something I should have implemented in the
>> code etc. Should session.set_expiry always be explicitly called?
>> SESSION_EXPIRE_AT_BROWSER_CLOSE is True, so I expected SESSION_COOKIE_AGE to
>> act as the determining factor when session files would get deleted (when
>> 'clearsessions' gets called)
>>
>> But looking at the code for the admin 'clearsessions' command (base.py and
>> file.py) and the code related to file based sessions, it seems
>> SESSION_COOKIE_AGE will always get returned from get_expiry_age in this
>> situation, and thus the check to see if the expiry_age is negative always
>> fails, and so the file is never deleted
>>
>> My gut says load() in django/contrib/sessions/backend/file.py needs to be
>> a little more sophisticated in determining the actual age of the file
>> relative to what is returned from get_expiry_age.
>>
>> Or am I just wrong in assuming sessions ought to be cleaned up
>> automatically in this case?
>>
>> thanks
>> Doug
>>
>
> update: from the docs:
>
> set_expiry(value)
>
> If value is None, the session reverts to using the global session expiry
> policy.
>
> Reading a session is not considered activity for expiration purposes.
> Session expiration is computed from the last time the session was modified.
>
> get_expiry_age()
>
> Returns the number of seconds until this session expires. For sessions with
> no custom expiration (or those set to expire at browser close), this will
> equal SESSION_COOKIE_AGE.
>
> from these, I was led to believe SESSION_COOKIE_AGE determines when a
> session has expired, if the expiry is None
>
> Doug
>

I read that differently, sessions with no custom expiration or those
set to expire at browser close will always return SESSION_COOKIE_AGE -
because the session is only "expired" when the browser has forgotten
the session ID, not when N seconds has passed.

Cheers

Tom

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFHbX1%2BnD1ABBCPL1YhS8xinmJL-XSw0zKK%2BtZXqVffskpmgoQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

No comments:

Post a Comment