Cherrypy creating hundreds of thousands of sessions a day for a site recieving 500 average unique users. Should it be handled the following way?

StackOverflow https://stackoverflow.com/questions/21412695

  •  04-10-2022
  •  | 
  •  

Вопрос

Having trouble with many sessions files being created sometimes as high as 400,000! I thought I could detect if a session variable is not None using a get but strangely checking a session variable actually creates a session file:

if(cherrypy.session.get('Something')):

I know a session file is create for every request but if I don't run cherrypy.session.get the session file gets deleted. If you run the following code on Cherrypy 3.2.4 after requesting 127.0.0.1:8080/main the session file is deleted.

import cherrypy

class Root:
    def main(self):
        return 'Howdy'
    main.exposed = True

cherrypy.config.update({'tools.sessions.on': True,
                        'tools.sessions.storage_type': "File",
                        'tools.sessions.storage_path': 'sessions',
                        'tools.sessions.timeout': 1440
               })

cherrypy.quickstart(Root(),'/')

However executing this code will create session variable that will timeout in 1440 mins.

import cherrypy

class Root:
    def main(self):
        if(cherrypy.session.get('Something')):
            asdf = 'asdf'
        return 'Howdy'
    main.exposed = True

cherrypy.config.update({'tools.sessions.on': True,
                        'tools.sessions.storage_type': "File",
                        'tools.sessions.storage_path': 'adf',
                        'tools.sessions.timeout': 1440
               })

cherrypy.quickstart(Root(),'/')

So How can I check if a user has a session variable without creating a server side session file that is not deleted?

Any help would be appreciated, Andrew

Это было полезно?

Решение

Ok this seems to work. Since executing cherrypy.session.get('_cp_Email') causes a permanent session I found a way to check if a session file exists. When a permanent session exists there is a "session-" + cherrypy.session.id file (one without a .lock extension). This code checks for that...

def check_for_session(self=None):
    return os.path.isfile(os.path.join(os.getcwd(), 'sessions/session-' + cherrypy.session.id))


def index(self=None):
    if(check_for_session() and cherrypy.session.get('_cp_Email')):
        Email = cherrypy.session[('_cp_Email']

Hope this helps someone!

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top