this isn't an issue for normal usage, but i got hit by a spider the other > day that ignored cookies and created over 30k stale sessions. this will > pose a problem for me in the future and i'd like to address it (pagecount > is growing, session and database-cache are in redis running LRU mode). >
30k sessions should not be an issue yet. I had 400k sessions and no issues there. Redis should be very high amount of keys easily. My suggestion is that * Have 24 hours or less expiration time for anonymous sessions * Upgrade the session expiration time when the user logs in, so that logged in sessions are not forgotten Also I am pretty sure one can configure pyramid_redis_session not create session until you save something there. Though not 100% sure here. However I am saving some stats per user when they come to the site for the first time (affiliate, etc.) My 2c (Euro), Mikko -- Mikko Ohtamaa http://opensourcehacker.com http://twitter.com/moo9000 -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAK8RCUuk%3D1hWXUhdD%2BQfeiD4O47CBjdZAPQ%3Dn3UvUcJ9qSjcjQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.