#22938 closed Bug (fixed)
clearsessions doesn't remove file-based sessions
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | contrib.sessions | Version: | 1.6 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
My Django app uses file based session engine. I am currently experience issues with cleaning session files from tmp directory. Basically running clearsessions doesn't remove them at all.
I have been playing a bit with that to try various configurations and debugging Django code. Basically, get_expiry_age
https://github.com/django/django/blob/stable/1.6.x/django/contrib/sessions/backends/file.py#L90 returns cookie age rather then negative value.
That seems to be due to session_data.get('_session_expiry') being None. Is that a bug in file based session backend?
Change History (15)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
I think removing expiry=session_data.get('_session_expiry') from the get_expiry_age() call you linked above would fix it. Could you test that? If it works and you could submit a patch with a regression test, that would be great.
comment:3 by , 10 years ago
I am afraid removing expiry=session_data.get('_session_expiry') as mentioned above throws an exception
patch https://github.com/aleksandra-tarkowska/django/commit/e972ea8be732462628faa877627260545bb8661c
Exception Type: RuntimeError Exception Value: maximum recursion depth exceeded in cmp
comment:4 by , 10 years ago
File "/omero/dist/lib/python/django/core/handlers/base.py", line 201, in get_response
response = middleware_method(request, response)
File "/omero/dist/lib/python/django/contrib/sessions/middleware.py", line 28, in process_response
if request.session.get_expire_at_browser_close():
File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 258, in get_expire_at_browser_close
if self.get('_session_expiry') is None:
File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 58, in get
return self._session.get(key, default)
File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 173, in _get_session
self._session_cache = self.load()
File "/omero/dist/lib/python/django/contrib/sessions/backends/file.py", line 91, in load
modification=self._last_modification())
File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 194, in get_expiry_age
expiry = self.get('_session_expiry')
File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 58, in get
return self._session.get(key, default)
File "/omero/dist/lib/python/django/contrib/sessions/backends/base.py", line 173, in _get_session
... looping
comment:6 by , 10 years ago
It looks like clearsessions only works for file-based sessions that have had set_expiry() called on them (nothing within Django itself calls this method). See #18194 for the ticket where this was implemented. It may be better to work address the problem via #19201 than to try to solve this ticket piecemeal for the file backend. Note that get_expiry_age() is working as documented.
comment:7 by , 10 years ago
Basically request.session.get_expiry_date() is set but not propagated to _session_expiry
It is true that only calling
request.session.set_expiry(datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
does work but clearsession still not remove expired files
delta 0:00:28.355096 sessionidhb39w1m0mehdpglp0esl2bry7gftd38n expiry_age: 28 _last_modification: 2014-07-02 16:20:28 _session_expiry: 2014-07-02 16:20:56.355096 delta 0:00:30.383044 sessionidynbrmr6cyjxgahkkc3omhbbg52s0axbt expiry_age: 30 _last_modification: 2014-07-02 16:23:18 _session_expiry: 2014-07-02 16:23:48.383044
This will never happen because delta will always be positive https://github.com/django/django/blob/stable/1.6.x/django/contrib/sessions/backends/base.py#L200
comment:8 by , 10 years ago
The other thing I noticed that expory_age returned by get_expiry_age is changing. If call more requests containing request.session.modified = True this value is going down but the best I could achieve is 3 sec
sessionid44iuant7vkklpqqak09paaprh6wngjve expiry_age: 3 _last_modification: 2014-07-02 16:29:02 _session_expiry: 2014-07-02 16:29:05.224180
comment:9 by , 10 years ago
This commit should resolve the issue. Basically the problem was that delta = expiry - modification was always positive because modification time was always before expiry. Now modification is set to the current time.
comment:10 by , 10 years ago
My previous patch only works if _session_expiry is set. Perhaps is better idea to add function to test expiry date. That final changes I will be adapting to my Django app are here
comment:12 by , 10 years ago
| Needs tests: | unset |
|---|
comment:13 by , 9 years ago
| Patch needs improvement: | set |
|---|---|
| Summary: | clearsessions not remore session files from tmp → clearsessions doesn't remove file-based sessions |
My settings: