#18978: Move cleanup management command to contrib.sessions
-------------------------------------+-------------------------------------
Reporter: rasca                       | Owner: aaugustin
Type: Cleanup/optimization            | Status: new
Component: Core (Management commands) | Version: master
Severity: Normal                      | Resolution:
Keywords:                             | Triage Stage: Accepted
Has patch: 1                          | Needs documentation: 0
Needs tests: 1                        | Patch needs improvement: 0
Easy pickings: 1                      | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by aaugustin):

The discussion has diverged from the original report :/

`cleanup` is a dependency of `core` on `contrib`, and such dependencies
shouldn't exist. This means we must move the `cleanup` command to
`django.contrib.sessions` and give it a sessions-specific name.
`clearsessions` will do. Can we limit the scope of this ticket to this
change? I have a patch ready for this.

There hasn't been an obvious need for a more generic cleanup mechanism
over the last five years. Designing one would be a new feature. This
should be done separately from this bugfix. (IMHO it's much better to keep
separate management commands because they may profit from being run at
different times, on different servers, etc.)

It isn't useful to provide two different ways to achieve exactly the same
effect; for this reason `daily_cleanup.py` should be removed rather than
documented.

Finally, there's the question of clearing expired sessions in backends
other than the database backend. This means pushing the cleanup logic
inside the backends, like the latest pull request does. This doesn't make
sense with the cookie backend — data is stored by the clients. This isn't
doable with the cache backend because we can't iterate over all keys —
cache might handle its own expiration. This only leaves the file backend,
which is tracked by #18194.

Note that there are two different goals in clearing expired sessions:

- freeing storage space;
- preventing an attacker from re-using a session indefinitely — this is
  probably why #18194 was classified as a release blocker.

--
Ticket URL: <https://code.djangoproject.com/ticket/18978#comment:16>
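
Added example, not part of the ticket and not Django's code: a simplified
sqlite3 model of a database-backed session store that keeps the two goals
named in the comment apart, with an expiry check at read time and a separate
purge of expired rows. The table layout, the function names and the sample
rows are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Simplified stand-in for a database session table (assumed columns:
# session_key, session_data, expire_date stored as a UTC epoch number).
SCHEMA = """CREATE TABLE session (
    session_key TEXT PRIMARY KEY,
    session_data TEXT NOT NULL,
    expire_date REAL NOT NULL)"""


def make_store(rows):
    """Build an in-memory store from (key, data, expiry datetime) tuples."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO session VALUES (?, ?, ?)",
                   [(k, d, e.timestamp()) for k, d, e in rows])
    return db


def load_session(db, key, now):
    """Reuse prevention: refuse expired sessions at read time, purged or not."""
    row = db.execute(
        "SELECT session_data FROM session"
        " WHERE session_key = ? AND expire_date > ?",
        (key, now.timestamp())).fetchone()
    return row[0] if row else None


def clear_expired(db, now):
    """Storage reclamation: delete expired rows, return how many were removed."""
    with db:  # commits on success, rolls back on error
        cur = db.execute("DELETE FROM session WHERE expire_date < ?",
                         (now.timestamp(),))
    return cur.rowcount


# Constructed sample data: one live session and two expired ones.
NOW = datetime(2012, 10, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("live-key", "user=1", NOW + timedelta(days=14)),
    ("stale-key-a", "user=2", NOW - timedelta(days=1)),
    ("stale-key-b", "user=3", NOW - timedelta(days=400)),
]

if __name__ == "__main__":
    db = make_store(SAMPLE)
    print("stale before purge:", load_session(db, "stale-key-a", NOW))
    print("rows purged:", clear_expired(db, NOW))
    print("live after purge:", load_session(db, "live-key", NOW))
```

A store that relied on the purge alone would accept a stale key until the
next scheduled run, so the read-time check is what closes the reuse window.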