Upon a second glance, it looks like the clearsession command will only
have an effect as of Django 1.5. For <=1.4 if you're using the DB
backend, you could always clear them out yourself with a query:

import datetime
from django.contrib.sessions.models import Session
now = datetime.datetime.now()
Session.objects.filter(expire_date__lt=now).delete()

_Nik

On 1/21/2013 12:46 PM, Nikolas Stevenson-Molnar wrote:
> Hi Spork,
>
> See this section of the sessions docs:
> https://docs.djangoproject.com/en/1.4/topics/http/sessions/#clearing-the-session-table
>
> While it mentions file and db backends specifically, I assume the cache
> backend would work similarly. I.e., you need to periodically run a
> cleanup of session data. According to the docs, Django will
> automatically delete session data when the user logs out, but not
> otherwise (again, the server has no reliable way of knowing the user has
> closed the browser window) so if you want the data gone, you have to
> clean it up periodically.
>
> Taking a step back, I don't think this is a good approach to security.
> This data is still residing on your server for however short a time
> period. The issue should be less one of how long the data exist there,
> and more about how to keep it safe. How to do that depends somewhat on
> the nature of the data (e.g., SSNs or credit card numbers should reside
> only on a system not connected directly to the internet).
>
> _Nik
>
> On 1/21/2013 9:45 AM, testbackupa...@gmail.com wrote:
>> Nik,
>>
>> My concerns are about security. I have some sensitive data associated
>> with each user's session, and I'd like to make sure it is deleted when
>> the user logs out or their session times out or closes their browser
>> window. There's also some other clean up actions I'd like to do under
>> the same circumstances.
>>
>> I took a look at the session caching documents (thanks for the
>> pointer), and I think I would have to go for the cached_db option; if
>> I just used the plain vanilla cache option and the data got expired
>> out of the cache, it would create a terrible user experience. But I
>> would like to understand the mechanism by which session data gets purged
>> from the database backend. Can I rely on it getting purged with each
>> log out/session time out/browser window closure?
>>
>> Again, thanks for the good feedback.
>>
>> Spork
>> -- 
>> You received this message because you are subscribed to the Google
>> Groups "Django users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/django-users/-/SOs0zvR48PMJ.
>> To post to this group, send email to django-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> django-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
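
Added example, not part of the original thread and not Django's own code: it shows what the periodic cleanup discussed above does at the table level, where rows for timed-out sessions keep their session_data until something deletes them. It assumes a SQLite stand-in with the three columns of Django's django_session table; the keys, payloads and helper names are constructed.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed stand-in for the table used by Django's DB session backend.
SCHEMA = """
CREATE TABLE django_session (
    session_key  VARCHAR(40) PRIMARY KEY,
    session_data TEXT NOT NULL,
    expire_date  TEXT NOT NULL
)"""
FMT = "%Y-%m-%d %H:%M:%S"  # fixed-width, so string order equals time order


def build_sample_db(now):
    """Return an in-memory DB holding constructed session rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = [
        ("active", "payload-a", now + timedelta(hours=1)),
        ("timed_out_1h", "payload-b", now - timedelta(hours=1)),
        ("timed_out_3d", "payload-c", now - timedelta(days=3)),
    ]
    conn.executemany(
        "INSERT INTO django_session VALUES (?, ?, ?)",
        [(key, data, exp.strftime(FMT)) for key, data, exp in rows],
    )
    conn.commit()
    return conn


def stale_keys(conn, now):
    """Keys whose data is still stored although the session has expired."""
    cur = conn.execute(
        "SELECT session_key FROM django_session "
        "WHERE expire_date < ? ORDER BY session_key",
        (now.strftime(FMT),),
    )
    return [row[0] for row in cur]


def purge_expired(conn, now):
    """Apply the same filter as the ORM query above; return rows deleted."""
    with conn:  # commits on success, rolls back on error
        cur = conn.execute(
            "DELETE FROM django_session WHERE expire_date < ?",
            (now.strftime(FMT),),
        )
    return cur.rowcount
```

Calling stale_keys() before and after purge_expired() from a scheduled job gives a simple check that expired session data is not accumulating.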
