Sessions

hi all,

in my application, i have login form. while login into the application
iam maintaning the details in session. i want to remove the stale
sessions and while removing the stale sessions i want to perform some
operattions on database . how to do this.

Regards,
Rajkumar

in my application, i have login form. while login into the application

iam maintaning the details in session. i want to remove the stale

sessions and while removing the stale sessions i want to perform some

operattions on database . how to do this.

How are the sessions stored? The default now is Cookie store, so you can’t easily delete all sessions. If you’re using file store, you can just remove all files in the folder, if your using a DB store you can truncate the table.

The other way is to have a version field checked/set in a filter in your application and empty any incoming session requests if they don’t have the right version. It won’t delete them all immediately, but at the time they’re being used.

Cheers,

Andy

Well, if you’re using the cookiestore for sessions, you don’t have to worry about stale sessions anyway. The file store should be avoided imo, the IO is simply too expensive. Database session storage is an option, although I see little to no reason to use it when you have something that just takes session storage away from the server.

Your database optimizations and operations can be run as a cron tab, just call a rake task that does what it needs to do and be done with it.

Best regards

Peter De Berdt

? How so?

Because the session data is kept in a cookie on the client side, not on the server in any way. The session is removed on the user’s computer when he quits his browser. As long as you’re not storing more than 4KB of (sensitive) data in the session (which you should never do in the first place), it’s the least expensive session storage with the least redundant data hanging around.

Best regards

Peter De Berdt

That's irrelevant if the app in question depends on inactive sessions
being expired.

http://dev.rubyonrails.org/ticket/10751

Best regards

Peter De Berdt

Interesting but also irrelevant; recognizing a request for an expired
session is not the same as explicitly expiring a session and doing
any necessary cleanup.

But thanks for the reference.