#5593: Missing DB sessions create a new session for every request
--------------------------------------+-------------------------------------
Reporter:  nezroy <[EMAIL PROTECTED]>  |       Owner:  nobody
  Status:  new                        |   Component:  django.contrib.sessions
 Version:  SVN                        |    Keywords:  session invalid stale duplicate clutter
   Stage:  Unreviewed                 |   Has_patch:  1
--------------------------------------+-------------------------------------
 When using the DB SessionStore, it's possible to start getting a bunch of
 invalid sessions in the session table. This happens when an original
 session has been purged from the table, but a client still has the old,
 stale cookie with the original session ID. The load method will create a
 new session with a new id for security purposes when it tries to load this
 old session, but it does *not* update the actual cookie stored on the
 client. So the client continues to try and use the old session id, which
 keeps causing the load method to create new sessions with new IDs.

 Attached is a simple patch that is the simplest solution I could think of,
 though I'm not familiar enough with session to understand potential
 ramifications. The load function is simply updated to set the "modified"
 property to True so that further processing in the response handler will
 send an updated version of the cookie to the client.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/5593>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
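
The loop described in the ticket, as an added simulation that is neither Django's code nor the attached patch. `ToyStore`, `handle_request` and `simulate` are hypothetical names, the dict stands in for the session table, and the stale cookie value is constructed.

```python
import secrets


class ToyStore:
    """Stand-in for a DB-backed session store (not Django's SessionStore)."""

    def __init__(self, table, session_key, mark_modified_on_miss):
        self.table = table              # dict: session_key -> data ("session table")
        self.session_key = session_key  # id taken from the client's cookie
        self.modified = False
        self.mark_modified_on_miss = mark_modified_on_miss

    def load(self):
        if self.session_key in self.table:
            return self.table[self.session_key]
        # Row was purged: do not adopt the client-supplied id, mint a new one
        # (the "new id for security purposes" behaviour the ticket describes).
        self.session_key = secrets.token_hex(16)
        self.table[self.session_key] = {}
        if self.mark_modified_on_miss:
            self.modified = True        # the change the ticket proposes
        return self.table[self.session_key]


def handle_request(table, cookie, mark_modified_on_miss):
    """One request/response cycle; returns the cookie the client holds afterwards."""
    store = ToyStore(table, cookie, mark_modified_on_miss)
    store.load()
    # Response phase: the cookie is only re-sent when the session is modified.
    return store.session_key if store.modified else cookie


def simulate(requests, mark_modified_on_miss):
    """Returns (rows in session table, whether the client's cookie is valid)."""
    table = {}
    cookie = "stale-purged-id"          # constructed: id whose row was purged
    for _ in range(requests):
        cookie = handle_request(table, cookie, mark_modified_on_miss)
    return len(table), cookie in table


if __name__ == "__main__":
    print("without fix:", simulate(5, mark_modified_on_miss=False))
    print("with fix:   ", simulate(5, mark_modified_on_miss=True))
```

Without the flag, every request from the stale client adds a row and the client never receives a usable id; with it, the first response replaces the cookie and later requests reuse the single new row.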