I have written a custom session implementation which is a hybrid between cookie-storage and redis-storage. If the session dict is JSON-serializable and is not too large, then the session is just stored directly in a cookie. Otherwise, the session data is pickled and stored in redis. In the latter case just a session id (as well as, in our case, a few other keys having to do with user authentication) is stored in the session cookie.
I did this, in part to solve the zealous spider problem you describe. On Fri, Feb 3, 2017 at 1:07 PM, Jonathan Vanasco <jonat...@findmeon.com> wrote: > I forked `pyramid_redis_sessions` into a new project because my needs > changed. > > i ended up inheriting a design flaw and need to refactor it out. I'm > hoping to look at other server-side session systems for inspiration. > > my issue is that not having a session_id cookie, or having an invalid one, > will automatically generate a placeholder session in redis. i need to > refactor my code so that session_ids are only created if actually used. (i > have a handful of ideas on how to do this, but if something works... > inspiration would save me time). > > this isn't an issue for normal usage, but i got hit by a spider the other > day that ignored cookies and created over 30k stale sessions. this will > pose a problem for me in the future and i'd like to address it (pagecount > is growing, session and database-cache are in redis running LRU mode). > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to pylons-discuss+unsubscr...@googlegroups.com. > To post to this group, send email to pylons-discuss@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/pylons-discuss/20766195-47b0-46eb-a82f-06c331ce9ec8% > 40googlegroups.com > <https://groups.google.com/d/msgid/pylons-discuss/20766195-47b0-46eb-a82f-06c331ce9ec8%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAM4%2Bx0HFWfmWVVkXQSkbwJexuHobcOvBQ9D9t2LmjF8m5byq_g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.