On Tue, Feb 7, 2017 at 2:38 PM, Jeff Dairiki <[email protected]> wrote: > > > On Mon, Feb 6, 2017 at 11:25 AM, Jonathan Vanasco <[email protected]> > wrote: >> >> >> >> On Sunday, February 5, 2017 at 4:16:29 PM UTC-5, Jeff Dairiki wrote: >>> >>> >>> Actually, no. Pretty much every page includes a CSRF token somewhere, >>> and thus require a session. However these simple sessions are stored >>> entirely in the session cookie, so no server-side storage is required. >> >> >> Sorry, I meant to describe a placeholder session in redis. At some point >> you decide a session id is needed for redis. > > > Yes, that's right. The session id for redis is not created until it is > decided that the session will be stored in redis. (This happens when the > session dict is not JSON-serializable, or when the size of the JSON > serialization exceeds a configured limit.) At least with our usage, most > sessions, including those created by bots do not hit redis at all.
This is in the regular 'pyramid_redis_sessions', or this is in a fork? -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAH9f%3DurjJx%2Bx5EP7iKkOGgpVeat40LSSDFz4Cx8cx7RZECwgtQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
