Don't create session in admin console, until admin has logged-in

2 views
Skip to first unread message

Alexander Obuhovich

unread,
Nov 4, 2010, 9:37:28 AM11/4/10
to In-Portal Development
On Front-end In-Portal don't create empty session (records in UserSession and SessionData tables) until there is need to write something into it (e.g. user_id of logged-in user).

Why we don't have same type protection against too much unused sessions being created in admin console too.

For example I don't have ability to enable cookies and I'm just refreshing admin console login screen. New session will be created each time I do so.

Also, when I need to ask something from admin console via CURL request, then also session is created.

--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

Dmitry Andrejev

unread,
Nov 4, 2010, 10:45:03 AM11/4/10
to in-por...@googlegroups.com
Hi Alex,


Yes, I agree - no need for sessions to be created until the actual Login took place.

I guess we can create a task here.


DA
--


Best regards,

Dmitry A.

Alexander Obuhovich

unread,
Nov 4, 2010, 2:12:35 PM11/4/10
to in-por...@googlegroups.com
Yes. This is not took critical and could go to 5.1.2 release.

Alexander Obuhovich

unread,
Nov 19, 2010, 7:16:04 AM11/19/10
to in-por...@googlegroups.com
Task: http://tracker.in-portal.org/view.php?id=930

Ready for testing.

After applying this change I've got only 4 database queries on login screen (when memcache enabled) and 8 database queries (when no caching is used).
dont_create_admin_session_when_not_logged_in.patch

Dmitry Andrejev

unread,
Nov 21, 2010, 4:49:14 PM11/21/10
to in-por...@googlegroups.com
Reviewed and tested.

DA
Reply all
Reply to author
Forward
0 new messages