On Mon, Feb 6, 2017 at 11:25 AM, Jonathan Vanasco <jonat...@findmeon.com> wrote:
> > > On Sunday, February 5, 2017 at 4:16:29 PM UTC-5, Jeff Dairiki wrote: >> >> >> Actually, no. Pretty much every page includes a CSRF token somewhere, >> and thus require a session. However these simple sessions are stored >> entirely in the session cookie, so no server-side storage is required. >> > > Sorry, I meant to describe a placeholder session in redis. At some point > you decide a session id is needed for redis. > Yes, that's right. The session id for redis is not created until it is decided that the session will be stored in redis. (This happens when the session dict is not JSON-serializable, or when the size of the JSON serialization exceeds a configured limit.) At least with our usage, most sessions, including those created by bots do not hit redis at all. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAM4%2Bx0G-5Mg09R7xM5a5VUx2SBW12bd-EO6R-Kc3DpcztH%3DhsQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
