id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
5593	Missing DB sessions create a new session for every request	nezroy <nezroy@…>	nobody	"When using the DB SessionStore, it's possible to start getting a bunch of invalid sessions in the session table. This happens when an original session has been purged from the table, but a client still has the old, stale cookie with the original session ID. The load method will create a new session with a new id for security purposes when it tries to load this old session, but it does *not* update the actual cookie stored on the client. So the client continues to try and use the old session id, which keeps causing the load method to create new sessions with new IDs.

Attached is a simple patch that is the simplest solution I could think of, though I'm not familiar enough with session to understand potential ramifications. The load function is simply updated to set the ""modified"" property to True so that further processing in the response handler will send an updated version of the cookie to the client."		closed	contrib.sessions	dev		fixed	session invalid stale duplicate clutter		Accepted	1	0	0	0	0	0