best practice on invoking stale sessions cleanup?

I've found a few refs to a bit of code to cleanup stale sessions. In
my ignorance, I'm not sure what the best practice is for invoking this
process.

Some talk about a cron job, others say to call it from a frequently
invoked action (e.g. login). This article mentions both:

http://www.mindsifter.com/2007/1/26/clearing-of-session-data

One comment is that the cron job will cause a load of rails each time
which could load things too much.

Another is that the calling from the login type of action could also
cause problems if you're handling lots of concurrent requests.

What do those of you with experience on fairly active sites say?

adding to this question...

the bit of code I see everywhere to clear stale sessions is some
variant of this:

class SessionCleanup
   def self.cleanup
     CGI::Session::ActiveRecordStore::Session.destroy_all(
       ['updated_at < ?',
$session_cleanup_interval_in_mins.minutes.ago]
     )
   end
end

nopte that it calls the detroy_all method...

http://api.rubyonrails.org/classes/ActiveRecord/Base.html#M001384 says
about destroy_all:

"Destroys the records matching conditions by instantiating each record
and calling the destroy method. This means at least 2*N database
queries to destroy N records, so avoid destroy_all if you are deleting
many records. If you want to simply delete records without worrying
about dependent associations or callbacks, use the much faster
delete_all method instead."

So, again, a best practice question:

Since I don't think there are dependent associations that would need
to be destroyed from the session, why not call the delete_all method
instead?

The solution does depend on the particular situation. It is not clear to me what you are trying to
achieve. Is it stale sessions from anonymous visits or ones from account logins that forgot to
logout? Perhaps both.

In the first case, a cron job that runs say once per day will complete in like a second or two. I
don't see a performance issue here.

For the second case I refer you to a previous post.

http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/3bc6b2028346baff#b43d2a0485cd46e4

I often employ both methods because each addresses a different area.

You are correct, #delete_all is more efficient than using #destroy_all. Provided that it is
supported in the context of ActiveRecordStore::Session. I have yet to use it so can't say for sure.

-- Long
http://FATdrive.tv/wall/trakb/10-Long
http://FATdrive.tv/

If you're using rails 2.0, and the cookie-based session store, you don't have to clear out stale sessions. If you are running an earlier version with AR store, you can run a cron job that just runs a mysql command to delete records older than a specified age. No reason to get Rails involved. If you're really worried about performance, you can nice the command.

Thanks for the replies and sorry for my delay in responding (other
matters arose).

I am still on rails 1.2.5, so I cant take advantage of 2.0 goodies
yet.

I like the idea of going directly to the the DB with SQL rather than
invoking rails from a cron job.

For the moment I am using the code I posted above and calling it from
a freq invoked action... works well for now, but I'll change in
anticipation of heavier traffic down the road.