Do not create SessionData until there is data to store in the session
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
Medium
|
James Henstridge | ||
Bug Description
Every request gets a session identifier linked to a row in the database. For many requests (all requests made by robot) no data will ever be linked to that session.
We could defer creating session records to the point where the session will actually contain data.
As explained by James:
Now the client ID is created such that it is unlikely to cause
duplicates (it contains the SHA1 digest of a random number, the time
and the CPU time), and uses HMAC to prevent forgeries. So we should
be able to rely on the cookies being unique even without storing them
in our database (the Zope code verifies the HMAC for us).
So one option would be to defer creation of the SessionData row until
it is time to actually store some data in the session. This would
remove the need to track sessions in cases where we haven't stored any
data against it. For logged in users, the main change would be that
the recorded creation date would be when they log in rather than on
their first page load. This seems accurate enough for me.
| Changed in launchpad: | |
| importance: | Undecided → Medium |
| status: | New → Confirmed |
| James Henstridge (jamesh) wrote | #1 |
| Changed in launchpad: | |
| assignee: | nobody → jamesh |
| James Henstridge (jamesh) wrote | #2 |
| Changed in launchpad: | |
| status: | Confirmed → Fix Committed |
| Changed in launchpad-foundations: | |
| status: | Fix Committed → Fix Released |
I've done a patch to implement this.