#22938 closed Bug (fixed)
clearsessions doesn't remove file-based sessions
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | contrib.sessions | Version: | 1.6 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
My Django app uses file based session engine. I am currently experience issues with cleaning session files from tmp directory. Basically running clearsessions doesn't remove them at all.
I have been playing a bit with that to try various configurations and debugging Django code. Basically, get_expiry_age
https://github.com/django/django/blob/stable/1.6.x/django/contrib/sessions/backends/file.py#L90 returns cookie age rather then negative value.
That seems to be due to session_data.get('_session_expiry')
being None. Is that a bug in file based session backend?
Change History (15)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Triage Stage: | Unreviewed → Accepted |
---|
I think removing expiry=session_data.get('_session_expiry')
from the get_expiry_age()
call you linked above would fix it. Could you test that? If it works and you could submit a patch with a regression test, that would be great.
comment:3 by , 10 years ago
I am afraid removing expiry=session_data.get('_session_expiry')
as mentioned above throws an exception
patch https://github.com/aleksandra-tarkowska/django/commit/e972ea8be732462628faa877627260545bb8661c
Exception Type: RuntimeError Exception Value: maximum recursion depth exceeded in cmp
comment:4 by , 10 years ago
File "/omero/dist/lib/python/django/core/handlers/base.py", line 201, in get_response response = middleware_method(request, response) File "/omero/dist/lib/python/django/contrib/sessions/middleware.py", line 28, in process_response if request.session.get_expire_at_browser_close(): File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 258, in get_expire_at_browser_close if self.get('_session_expiry') is None: File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 58, in get return self._session.get(key, default) File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 173, in _get_session self._session_cache = self.load() File "/omero/dist/lib/python/django/contrib/sessions/backends/file.py", line 91, in load modification=self._last_modification()) File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 194, in get_expiry_age expiry = self.get('_session_expiry') File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 58, in get return self._session.get(key, default) File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 173, in _get_session ... looping
comment:6 by , 10 years ago
It looks like clearsessions
only works for file-based sessions that have had set_expiry()
called on them (nothing within Django itself calls this method). See #18194 for the ticket where this was implemented. It may be better to work address the problem via #19201 than to try to solve this ticket piecemeal for the file backend. Note that get_expiry_age()
is working as documented.
comment:7 by , 10 years ago
Basically request.session.get_expiry_date()
is set but not propagated to _session_expiry
It is true that only calling
request.session.set_expiry(datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
does work but clearsession
still not remove expired files
delta 0:00:28.355096 sessionidhb39w1m0mehdpglp0esl2bry7gftd38n expiry_age: 28 _last_modification: 2014-07-02 16:20:28 _session_expiry: 2014-07-02 16:20:56.355096 delta 0:00:30.383044 sessionidynbrmr6cyjxgahkkc3omhbbg52s0axbt expiry_age: 30 _last_modification: 2014-07-02 16:23:18 _session_expiry: 2014-07-02 16:23:48.383044
This will never happen because delta will always be positive https://github.com/django/django/blob/stable/1.6.x/django/contrib/sessions/backends/base.py#L200
comment:8 by , 10 years ago
The other thing I noticed that expory_age
returned by get_expiry_age
is changing. If call more requests containing request.session.modified = True
this value is going down but the best I could achieve is 3 sec
sessionid44iuant7vkklpqqak09paaprh6wngjve expiry_age: 3 _last_modification: 2014-07-02 16:29:02 _session_expiry: 2014-07-02 16:29:05.224180
comment:9 by , 10 years ago
This commit should resolve the issue. Basically the problem was that delta = expiry - modification
was always positive because modification
time was always before expiry
. Now modification is set to the current time.
comment:10 by , 10 years ago
My previous patch only works if _session_expiry
is set. Perhaps is better idea to add function to test expiry date. That final changes I will be adapting to my Django app are here
comment:12 by , 10 years ago
Needs tests: | unset |
---|
comment:13 by , 10 years ago
Patch needs improvement: | set |
---|---|
Summary: | clearsessions not remore session files from tmp → clearsessions doesn't remove file-based sessions |
My settings: