On Tue, Feb 7, 2017 at 6:28 PM, Mike Orr <[email protected]> wrote:
> On Tue, Feb 7, 2017 at 2:38 PM, Jeff Dairiki <[email protected]> wrote: > > > > > > On Mon, Feb 6, 2017 at 11:25 AM, Jonathan Vanasco <[email protected] > > > > wrote: > >> > >> > >> > >> On Sunday, February 5, 2017 at 4:16:29 PM UTC-5, Jeff Dairiki wrote: > >>> > >>> > >>> Actually, no. Pretty much every page includes a CSRF token somewhere, > >>> and thus require a session. However these simple sessions are stored > >>> entirely in the session cookie, so no server-side storage is required. > >> > >> > >> Sorry, I meant to describe a placeholder session in redis. At some > point > >> you decide a session id is needed for redis. > > > > > > Yes, that's right. The session id for redis is not created until it is > > decided that the session will be stored in redis. (This happens when the > > session dict is not JSON-serializable, or when the size of the JSON > > serialization exceeds a configured limit.) At least with our usage, most > > sessions, including those created by bots do not hit redis at all. > > This is in the regular 'pyramid_redis_sessions', or this is in a fork? > This is custom (private) code. It is not based on pyramid_redis_sessions at all. It does, however, extend the standard pyramid SignedCookieSessionFactory for session cookie management, and dogpile.cache is used for handling the server-side (redis) data. If there's real interest in it, I can look into splitting it into it's own library. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAM4%2Bx0G5KSEnXbJeo0gWbTJ3Y3GVKD_iodGf25RRppRn0OoX%3Dw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
