#20936: When logging out/ending a session, don't create a new, empty session
-------------------------------------+-------------------------------------
Reporter: mattrobenolt | Owner:
Type: | mattrobenolt
Cleanup/optimization | Status: assigned
Component: contrib.sessions | Version: master
Severity: Normal | Resolution:
Keywords: session, logout, | Triage Stage: Accepted
auth | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 1
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by mattrobenolt):
@ptone, the performance issue isn't a huge concern since we don't use the
db for sessions, so it's not something that affects us in that regard. Was
just an unexpected behavior.
The main concern here is dealing with upstream caches. Speaking from the
context of Varnish, if a Cookie header is present, it wants to skip
caches, which is a good thing in general since you don't want to cache too
much. But when someone logs out, we have no real way of determining the
difference between an empty session, and a user that actually has session
data.
Again, it's just a very unexpected behavior. In my opinion, if the session
is empty, and the framework is explicitly deleting the session, we should
just destroy the cookie as well until someone sets new session data.
--
Ticket URL: <https://code.djangoproject.com/ticket/20936#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/070.410073952a383764279b224b72fb8ed8%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.
