On 12/12/06, Rob Hudson <[EMAIL PROTECTED]> wrote:
> > I agree that this would be a valuable addition.  Perhaps you could
> > submit a patch... if you're not comfortable doing that, perhaps
> > someone else will.
>
> I'd be happy to attempt it.  In looking at the code it seems like you
> could call the SessionManager's get_new_session_key.  But I'm not sure
> what that would look like at the view level where I think it would be
> most useful.
>

The get_new_session_key method would probably be a good place to
start, though I have little familiarity with the interface to the
session middleware.  I'm swamped right now, so I'll look into it in
the next few days.  If you need any assistance, please let me know.

> Other improvements to sessions I can think of (and maybe there are ways
> to do this already):
>
> * Add in a last authenticated date stamp to the model so developers can
> re-authenticate after a certain period of time if a user tries to
> access sensitive data.  I see this a lot on sites where you are still
> logged in, but if you want to do anything significant you are required to
> re-authenticate if it has been more than a specified time since last
> authentication.

+1 on this. I believe that it has been discussed recently.

>
> * An auto purge algorithm that clears expired sessions from the
> django_session table.  I'm thinking something along the lines of PHP's
> garbage collection settings[1] so one can specify a probability that
> the session garbage collection routine is called.  For low traffic
> sites you may want a 1 in 20 chance.  For high traffic sites you may
> want a 1 in 1000 request chance.
>

+1 on the idea / +0 on the implementation

I've never liked the idea of randomly slowing down requests to perform
housekeeping tasks.  It's probably acceptable in low-volume sites, but
for high-traffic sites with a cluster of web servers a dedicated
process makes more sense to me.

I think auto purge would need further discussion to figure out the
best solution.
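
The two session ideas discussed above (a last-authenticated timestamp for re-authentication, and purging expired rows from a dedicated job rather than at random during requests), as an added example that is not part of the original thread or Django's own code. It uses a constructed in-memory SQLite table standing in for django_session; the last_auth column, REAUTH_MAX_AGE and all function names are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

REAUTH_MAX_AGE = timedelta(minutes=15)  # assumed policy window

def open_store():
    # Constructed stand-in for django_session plus a hypothetical last_auth column.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE session (session_key TEXT PRIMARY KEY,"
               " expire_date TEXT NOT NULL, last_auth TEXT)")
    return db

def save_session(db, key, expire_date, last_auth=None):
    # Timestamps are stored as ISO 8601 text, which sorts chronologically.
    db.execute("INSERT OR REPLACE INTO session VALUES (?, ?, ?)",
               (key, expire_date.isoformat(),
                last_auth.isoformat() if last_auth else None))

def needs_reauth(db, key, now, max_age=REAUTH_MAX_AGE):
    """True when a sensitive view should ask for credentials again."""
    row = db.execute("SELECT expire_date, last_auth FROM session"
                     " WHERE session_key = ?", (key,)).fetchone()
    if row is None or datetime.fromisoformat(row[0]) <= now:
        return True   # unknown or expired session: fail closed
    if row[1] is None:
        return True   # session exists but never authenticated
    return now - datetime.fromisoformat(row[1]) > max_age

def purge_expired(db, now):
    """Delete expired rows; meant for a scheduled job, not the request path."""
    cur = db.execute("DELETE FROM session WHERE expire_date <= ?",
                     (now.isoformat(),))
    db.commit()
    return cur.rowcount  # number of sessions removed
```

Running purge_expired from cron or a worker keeps the cleanup cost off user requests, while needs_reauth stays a cheap per-view check.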
