On 6/8/06, Adrian Holovaty <[EMAIL PROTECTED]> wrote: > > On 6/7/06, Elver Loho <[EMAIL PROTECTED]> wrote: > > Everything you've just said makes a lot of sense on a production > > rollout. Yes, do keep sessions after shutdown. It's a great feature! > > But this "feature" on the development server simply makes development > > more difficult. > > > > So, um, could someone add a feature to the SVN version to let me turn > > this off? Please? Pretty please? With sugar on top? :) > > This is too much feature creep for my liking, and I don't see how it > makes development more difficult for the common case. Just put these > two commands in a shell script and off you go: > > python -c 'from django.contrib.sessions.models import Session; \ > Session.objects.all().delete()' > python manage.py runserver
Hmmm... I'll do some thinking on this. Anyhow, someone said earlier that keeping session variables in the database is a good idea in case the server is shut down or crashes or whatnot. I think it's a bad idea. For the same reason. Suppose you have a controller function that sets a number of session variables throughout its execution. Suppose the server loses power or whatnot when the function is half way done. Now, half the session variables that would be set are set and in the database. The other half are not. When the server comes back on, this inconsistency in the database could cause all sorts of weird problems and bugs. Suppose the session variable "logged_in" is set to "True", but the execution stops right before "username" is set to the user's username. When the server comes back online, you have a potential security issue. It makes no sense to persist sessions beyond server lifetime. If you want to commit some change, commit it to the database. Session variables should be treated as regular variables. Elver --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
