I guess you have already taken a look at the sessions related
documentation here:
web2py.com/books/default/chapter/29/13/deployment-recipes
* You could use "sessions.forget()", for cases where you do not want a
sessions file to be issued. Maybe the scenario where the user is not
logged in.
* You could also use Redis based session caches.
* Or store the sessions in the DB, and run a scheduled process (via
scheduler) to cleanup the sessions database.
* Suggest you take a look at this discussion thread too:
https://groups.google.com/forum/#!searchin/web2py/session$20expire/web2py/j-GwnDc0G6g/v7SVCyudr6AJ
________________________________________
Kiran Subbaraman
http://subbaraman.wordpress.com/about/
On Sat, 12-03-2016 6:22 PM, Alex wrote:
I've found out that we got around 2 million session files, although
I'm regularly running sessions2trash.py to clean up old sessions. We
got many users and requests but the number of sessions is still way
too much.
When a user (who is not logged in) makes a new request a new session
file is created. On the next request the same session file is reused,
this seems fine. Which expiration time does this session file get? can
I set it somehow? maybe it's all those session files without
expiration which are not deleted by sessions2trash.py ...
I've seen in the documentation that it is possible to store sessions
in cookies. This seems like a good way to get rid of all those session
files and improve performance. Since I don't store much data in the
session the small cookie size limit is not a problem for me. I'd like
to know how this internally works, is it secure? How does web2py know
from this session in the cookie if the user is logged in? Isn't it
possible to pretend being someone else and login into another account
if there is no login information stored on the server?
thanks,
Alex
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google
Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to web2py+unsubscr...@googlegroups.com
<mailto:web2py+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
