i was wondering how a blog db has grown by about 15 mb in a week or two. it turns out its the sessions table.. so ive tried this: class ApplicationController.. session :off end class AccountController session :only, :login end and now, its impossible to login, and nothing ever appears in the session table. is this the right approach? i dont want to weed out the sessions with cron, i just want them to never be created unless its necessary.. preferably without needing to go around and add a :only or :except for every action that might want to access session data.. carmen
Couldn''t you just run a job every X time to remove old sessions (sessions that have not been accesed for an Y amount of time) ?? carmen wrote:> i was wondering how a blog db has grown by about 15 mb in a week or two. > it turns out its the sessions table.. > > so ive tried this: > > class ApplicationController.. > session :off > end > > > class AccountController > session :only, :login > end > > and now, its impossible to login, and nothing ever appears in the session > table. is this the right approach? i dont want to weed out the sessions > with cron, i just want them to never be created unless its necessary.. > preferably without needing to go around and add a :only or :except for > every action that might want to access session data.. > > carmen
On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias Surdi wrote:> Couldn''t you just run a job every X time to remove old sessions (sessions > that have not been accesed for an Y amount of time) ??yes, i could, and probably will weed them out once a month or something. the point being, id like the session to be accessible if it exists, anywhere it normally is. but only ever create sessions if the Account#Login method or something it triggers successfully completes, so the DB doesnt bloat in the first place...nip the problem at the bud :) i dont really see doing a source code audit, then manually adding session :off, :exec => [] and continually pruning it as realistic in a huge app..
On 6/23/06, carmen <_@whats-your.name> wrote:> On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias Surdi wrote: > > Couldn''t you just run a job every X time to remove old sessions (sessions > > that have not been accesed for an Y amount of time) ?? > > yes, i could, and probably will weed them out once a month or something. the point being, id like the session to be accessible if it exists, anywhere it normally is. but only ever create sessions if the Account#Login method or something it triggers successfully completes, so the DB doesnt bloat in the first place...nip the problem at the bud :) > > > i dont really see doing a source code audit, then manually adding session :off, :exec => [] and continually pruning it as realistic in a huge app..Disabling sessions could cause all sorts of strange things to happen in a rails app. It''s really really not worth the effort. Setup a cron job to expire the sessions and move on.
> in a rails app. It''s really really not worth the effort. Setup aI wouldn''t say it''s not worth it - at least on a high traffic site. otherwise you are right You should not only enable sessions for the login page but also for all pages that access the session. I have seen you only enabled it for the login action. you also need it for all actions that rely on / check for a logged in user. - peter snacktime schrieb:> On 6/23/06, carmen <_@whats-your.name> wrote: >> On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias Surdi wrote: >> > Couldn''t you just run a job every X time to remove old sessions >> (sessions >> > that have not been accesed for an Y amount of time) ?? >> >> yes, i could, and probably will weed them out once a month or >> something. the point being, id like the session to be accessible if >> it exists, anywhere it normally is. but only ever create sessions if >> the Account#Login method or something it triggers successfully >> completes, so the DB doesnt bloat in the first place...nip the >> problem at the bud :) >> >> >> i dont really see doing a source code audit, then manually adding >> session :off, :exec => [] and continually pruning it as realistic in >> a huge app.. > > Disabling sessions could cause all sorts of strange things to happen > in a rails app. It''s really really not worth the effort. Setup a > cron job to expire the sessions and move on. > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails
Be aware also, that some things like "flash" and many other things in rails are dependent on sessions, even for the "anonymous" users... carmen wrote:> On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias Surdi wrote: >> Couldn''t you just run a job every X time to remove old sessions (sessions >> that have not been accesed for an Y amount of time) ?? > > yes, i could, and probably will weed them out once a month or something. > the point being, id like the session to be accessible if it exists, > anywhere it normally is. but only ever create sessions if the > Account#Login method or something it triggers successfully completes, so > the DB doesnt bloat in the first place...nip the problem at the bud :) > > > i dont really see doing a source code audit, then manually adding session > :off, :exec => [] and continually pruning it as realistic in a huge app..