CherryPy Sessions seems wrong

[Mark]

Sessions in cherrypy seem wrong to me. 

1) Why is timeout set on the client and server? Client cookies should default to session only so public computers don't retain the cookie after the user closes the browser. Server just ignores expired cookies. 

2) Why are we calling clean_up every 5 minutes? Can I change this? Do it once a day or once a week. Expired cookies are ignored so who cares.

[Joel Rivera]

Hi Mark

You can change the clean up frequency with
'tools.sessions.clean_freq': 60 * 24 # a day
'tools.sessions.clean_freq': 60 * 24 * 7 # a week

Also this [1] previous thread might illustrate a little more how the
sessions are expected to be used.


Cheers.

[1]
https://groups.google.com/forum/#!msg/cherrypy-users/3rggaNVNjKE/yT45LoAromcJ
--
Rivera²

[Mark]

Thanks, 

I'm using SimpleDB as a session backend so I can keep track of state across multiple machines.  I just had to modify setting of the client cookie and the clean up timeout to accomodate my use.  

Mark

[Tim Roberts]

Mark wrote:
>
> 2) Why are we calling clean_up every 5 minutes? Can I change this? Do
> it once a day or once a week. Expired cookies are ignored so who cares.

Because they take up disk space. Now, we're talking about balancing an
infinitely small CPU load against an infinitely small amount of disk
space, so there is no reason to choose a particular time interval other
than whatever makes you comfortable.

If the session data contains sensitive information, then there may be a
reason to clear it out more often.

--
Tim Roberts, ti...@probo.com
Providenza & Boekelheide, Inc.