Re: [Zope-dev] Re: Zope 2.X Session problems

2004-05-07 Thread Kris Erickson
We're using a shopping cart model; sessions only get created if the user 
'adds' a workshop to their cart.
Unless there's anything I'm missing in Plone... the _ZopeId cookie 
doesn't seem to start up a session (lazy data container?) until a script 
actually creates says session['key'] = value... or am I missing the boat 
here?
There is a bot floating around for the univ. search engine, but I still 
don't think that's it. Again, my guess is the bad looping (i.e. trying 
to set session values from form values ASSUMING that form values exist). 
This seems in line with my case: a rapidly developed admin interface 
with buttons existing for cases that haven't been fleshed out yet.

Anyway thanks--it hasn't recurred since I cleaned up those loose ends; 
however, I'm still concerned that the log msg didn't give a clear pic of 
the root of the problem.

cheers,
k
Tres Seaver wrote:
Michael Dunstan wrote:

On 7/05/2004, at 5:15 AM, Kris Erickson wrote:

No, that's not the problem;
in THEORY that's what is happening, but in reality there is no way 
that this is the case;
We just unrolled a registration system with participation rates at or 
around 100 to 200 participants per month;
At any given time, monitoring the session data container, there are 
*at most* 1 or 2 items in the transient object container--EXCEPT when 
it spikes...


I have seen such spikes occur (in a corner case) where some breeds of 
web robots were aggressively hitting a page that used sessions. These 
robots did not bother to return the cookie handed out by the server. 
Each page hit effectively constructs a new session.

Have a look through your access logs to see if you can see signs of 
something similar happening.

Not all web robots are created equal. I ended up sniffing for the user 
agent and returning a page that does not use sessions for the 
offending robots. (From memory, robots.txt was not useful for this 
breed.) Alternatively you can set the 
maximum-number-of-session-objects to something a lot higher and see if 
you can just live through the bot invasion.


Even better, avoid writing to the session on each request!  Your 
application will be *much* happier if you write to the session only when 
the human makes a gesture;  neither bots nor casually-browsing humans 
will consume sessions, but only session keys (which are cheap).

Tres.


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] Re: Zope 2.X Session problems

2004-05-06 Thread Michael Dunstan
On 7/05/2004, at 4:39 PM, Tres Seaver wrote:

Michael Dunstan wrote:
On 7/05/2004, at 5:15 AM, Kris Erickson wrote:
No, that's not the problem;
in THEORY that's what is happening, but in reality there is no way 
that this is the case;
We just unrolled a registration system with participation rates at 
or around 100 to 200 participants per month;
At any given time, monitoring the session data container, there are 
*at most* 1 or 2 items in the transient object container--EXCEPT 
when it spikes...
I have seen such spikes occur (in a corner case) where some breeds of 
web robots were aggressively hitting a page that used sessions. These 
robots did not bother to return the cookie handed out by the server. 
Each page hit effectively constructs a new session.
Have a look through your access logs to see if you can see signs of 
something similar happening.
Not all web robots are created equal. I ended up sniffing for the 
user agent and returning a page that does not use sessions for the 
offending robots. (From memory, robots.txt was not useful for this 
breed.) Alternatively you can set the 
maximum-number-of-session-objects to something a lot higher and see 
if you can just live through the bot invasion.
Even better, avoid writing to the session on each request!  Your 
application will be *much* happier if you write to the session only 
when the human makes a gesture;  neither bots nor casually-browsing 
humans will consume sessions, but only session keys (which are cheap).
Yup - certainly that is a whole lot better if you can arrange for that.

Michael.



[Zope-dev] Re: Zope 2.X Session problems

2004-05-06 Thread Tres Seaver
Michael Dunstan wrote:
On 7/05/2004, at 5:15 AM, Kris Erickson wrote:

No, that's not the problem;
in THEORY that's what is happening, but in reality there is no way 
that this is the case;
We just unrolled a registration system with participation rates at or 
around 100 to 200 participants per month;
At any given time, monitoring the session data container, there are 
*at most* 1 or 2 items in the transient object container--EXCEPT when 
it spikes...


I have seen such spikes occur (in a corner case) where some breeds of 
web robots were aggressively hitting a page that used sessions. These 
robots did not bother to return the cookie handed out by the server. 
Each page hit effectively constructs a new session.

Have a look through your access logs to see if you can see signs of 
something similar happening.

Not all web robots are created equal. I ended up sniffing for the user 
agent and returning a page that does not use sessions for the offending 
robots. (From memory, robots.txt was not useful for this breed.) 
Alternatively you can set the maximum-number-of-session-objects to 
something a lot higher and see if you can just live through the bot 
invasion.
Even better, avoid writing to the session on each request!  Your 
application will be *much* happier if you write to the session only when 
the human makes a gesture;  neither bots nor casually-browsing humans 
will consume sessions, but only session keys (which are cheap).

Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation  "Zope Dealers"   http://www.zope.com
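
[Added example, not part of the original thread and not code from any of the posters or from Zope.] The effect discussed above, as a toy model: a client that never returns its cookie gets a new browser id on every hit, so a page that writes to the session on each request fills the capped container, while writing only on an explicit gesture leaves it nearly empty. ToyContainer, handle() and simulate() are hypothetical names; this does not use Zope's session API.

```python
# Added illustration: a toy model, NOT Zope's Transience/session API.
import itertools

class MaxTransientObjectsExceeded(Exception):
    """Stand-in for the error named in the thread."""

class ToyContainer:
    """Capped store of session data objects, keyed by browser id."""
    def __init__(self, limit):
        self.limit = limit
        self.data = {}

    def session_for(self, browser_id):
        # Lazily create a data object on first write for this key.
        if browser_id not in self.data:
            if len(self.data) >= self.limit:
                raise MaxTransientObjectsExceeded(len(self.data))
            self.data[browser_id] = {}
        return self.data[browser_id]

_ids = itertools.count(1)

def handle(container, cookie, action, write_every_request):
    """Serve one request; return the browser id sent back as the cookie."""
    browser_id = cookie or "id-%d" % next(_ids)  # issuing a key is cheap
    if write_every_request:
        container.session_for(browser_id)["last_page"] = action
    elif action == "add_to_cart":  # explicit user gesture
        cart = container.session_for(browser_id).setdefault("cart", [])
        cart.append("workshop")
    return browser_id

def simulate(write_every_request, robot_hits=50, limit=20):
    """Cookie-less robot, then one shopper; return (objects, overflowed)."""
    container = ToyContainer(limit)
    try:
        for _ in range(robot_hits):
            # The robot never returns its cookie, so cookie is always None.
            handle(container, None, "view", write_every_request)
        cookie = handle(container, None, "view", write_every_request)
        handle(container, cookie, "add_to_cart", write_every_request)
    except MaxTransientObjectsExceeded:
        return len(container.data), True
    return len(container.data), False

if __name__ == "__main__":
    print("write on every request:", simulate(True))
    print("write on gesture only: ", simulate(False))
```
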


[Zope-dev] Re: Zope 2.X Session problems

2004-05-05 Thread Tres Seaver
Chris Withers wrote:
Kris Erickson wrote:

Per this thread that seems to have been dropped 
(MaxTransientObjectsExceeded Error);


This means more unique users have accessed your site than the maximum 
configured number of sessions.

Go to the session data container object in the temp folder and tweak 
the config so that the number of sessions allowed matches the number of 
people using your Zope instance...
In Zope < 2.7, you need to set the corresponding environment variable 
(see doc/ENVIRONMENT.txt) to make the change "persistent" (it doesn't do 
much good to set the value on the TemporaryStorage!)

In Zope >= 2.7, zope.conf has a setting for this value.

Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation  "Zope Dealers"   http://www.zope.com