Code

Opened 5 years ago

Closed 3 years ago

#9490 closed (fixed)

Empty session is stored if clean session is accessed

Reported by: hauser Owned by: nobody
Component: contrib.sessions Version: 1.0
Severity: Keywords: unused session modified
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

If user opens a page for first time (without a session), and code accesses request.session, then a new session is created and this session has 'modified' flag set to True. So when no data is saved, an empty session is stored in the database and cookie is sent back to the user.

For example if in your code you will call only request.user.is_authenticated(), it triggers user check in the session, the session is created and a new empty session is created in the database.

It is not a bug, but creates unused session objects.

Attachments (0)

Change History (2)

comment:1 Changed 5 years ago by jacob

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 3 years ago by aaugustin

  • Resolution set to fixed
  • Status changed from new to closed

This is fixed in trunk.

The behavior expected by the OP is enforced in django.sessions.middleware. The SESSION_SAVE_EVERY_REQUEST setting allows to always save the session (the old behavior). I could not find tests for the new behavior, but that is another problem.

To confirm that the use case of the OP is indeed fixed, I created a Django project with all the defaults, which means the sessions are stored in the database table django_session and I added this view:

from django.http import HttpResponse
def test(request):
    return HttpResponse('auth: %r' % request.user.is_authenticated()

Accessing the view does not create a session in the database.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.