On 11/11/05, Maniac <[EMAIL PROTECTED]> wrote:
> 1. Session key is generated on save, not on creation.
> [...]
> So when new user (without a session cookie) makes a request I'm trying
> to create a session and create a new Basket referencing to this new
> session. Here's the trap: until the request ends session doesn't have
> actual key and the Basket is created with ForeignKey set to None and
> user won't see his Basket next time.
Thanks for bringing this up. Comments are below.
> I see two solutions:
> - generate new session key when processing request immediately if there
> is no cookie
I don't see this as a viable solution, because that would require a
database hit for every request that doesn't have a session -- which
isn't good for performance.
> - turn creating a session into an explicit procedure in app's view:
>
> if not request.session:
> key=request.create_session
I'm iffy on this one as well, but I can give it some more thought.
An easy solution to your problem would be to create the Basket object
for a request if the session is not empty and hasn't yet had a basket
created.
if request.session and not request.session.get('basket_created', False):
# create the basket object
> 2. Session's lifetime is prolonged only when sessions is modified.
> Imagine an online shop with sessions lifetime of two hours. User comes
> to a site, a session is created. User then adds some goods to the basket
> and before making a decision about actually submitting an order decides
> to have a closer look at delivery and payment options. When browsing and
> reading documents his basket is untouched and not modified. This can
> easily take about two hours including interruptions for some irrelevant
> incoming calls. And then his session expires. And basket is suddenly empty.
>
> I mean, is there a reason to not update session's expiration time on
> each request?
Good call; this is a valid concern. The reason to not update session's
expiration time on each request is that we don't want to hit the
database on every request; that's unnecessarily performance-heavy.
Maybe there's a happy medium: Only update the session's expiration
time if the expiration time is less than 10 minutes away? How does
that sound?
Adrian
--
Adrian Holovaty
holovaty.com | djangoproject.com | chicagocrime.org
