Under what circumstances will a session be unavailable in the database?

[Alexander Marquardt]

In GAESessions __retrieve_data, session data may be pulled out of the datastore, and if it is not available then an error/warning is logged.

My question is, under what circumstances (other than the session having expired) could the session be unavailable in the database. I am occasionally seeing that some sessions are not found in the database, even though they should not have expired, and I would like to know if this is a real error, or if there are legitimate reasons why this might happen.

Kind Regards

Alexander

[David Underhill]

Weird, I can't think of a reason that a session saved to the datastore wouldn't be found if it hadn't expired.  It might be worth double-checking that session is getting put to the datastore -- by default, cookie-only sessions are used (and they are saved neither in memcache nor the datastore).  Unless you really need to save them server-side, I recommend cookie-only sessions as they're extremely fast and cost efficient for most use cases.

~ David

Alexander

--
You received this message because you are subscribed to the Google Groups "gae-sessions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gae-sessions...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Alexander Marquardt]

Hi David, 

(I do need to use the datastore for sessions, because I need to be able to remotely kill sessions by removing the session from the datastore)

I think that this is a problem with an upgrade that I made to use NDB. I have posted a description (hopefully followed by solutions some time soon) to StackOverflow: http://stackoverflow.com/questions/15437320/appengine-python-ndb-key-string-id-key-order-in-the-database

-Alexander

[David Underhill]

On Fri, Mar 15, 2013 at 9:27 AM, Alexander Marquardt <alexander...@gmail.com> wrote:

Hi David, 

(I do need to use the datastore for sessions, because I need to be able to remotely kill sessions by removing the session from the datastore)

Got it.  Is killing sessions done frequently?  If the number of sessions being terminated in this way isn't really huge, you might consider revoking a user's session by recording that no session started before a certain time for that user is valid.  You could store all revocations in a single datastore entry, and then cache that entry in memcache (or even app cache).  This would allow you to continue using cookie-only sessions, at the expense of needing to do this low-cost additional check on each request (I'd recommend putting the tweak in gaesessions.py).

Also, this revocation list doesn't need to grow indefinitely -- since sessions have limited lengths, you could automatically purge old revocations once they are no longer relevant.

I think that this is a problem with an upgrade that I made to use NDB. I have posted a description (hopefully followed by solutions some time soon) to StackOverflow: http://stackoverflow.com/questions/15437320/appengine-python-ndb-key-string-id-key-order-in-the-database

Cool, looks like the question got a helpful answer too!

~ David