Empty session is stored if clean session is accessed
|Reported by:||Grzegorz Lukasik||Owned by:||nobody|
|Severity:||Keywords:||unused session modified|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
If user opens a page for first time (without a session), and code accesses request.session, then a new session is created and this session has 'modified' flag set to True. So when no data is saved, an empty session is stored in the database and cookie is sent back to the user.
For example if in your code you will call only request.user.is_authenticated(), it triggers user check in the session, the session is created and a new empty session is created in the database.
It is not a bug, but creates unused session objects.