Thank you very much Niphlod, a perfect explanation.
On Thursday, January 9, 2014 9:29:25 PM UTC+1, Niphlod wrote:
>
> On Wednesday, January 8, 2014 10:41:49 PM UTC+1, Wonton wrote:
>>
>> Hello everyone,
>>
>> I'm trying to implement the web2py recipes to improve the efficiency and
>> security of my backend. I'm beginning with sessions and I have a couple of
>> doubts:
>>
>> - My site is over SSL and has user authentication, so I guess I should
>> secure my sessions. The recipe says "In your applications, if they require
>> authentication, you should make the session cookies secure
>> with: session.secure()",
>> but, where should I put that code?
>>
>
> session.secure() just adds secure to the cookies. If all your site is
> behind ssl, then put session.secure() in a model, so every session will
> have this "flag" set.
>
>> - The number of session files of my server is growing quickly so I should
>> use the sessions2trash.py script, but, how should I use that script?
>> Should I create a cron task in my server that executes each day something
>> like this "python web2py.py -S app -M -R scripts/sessions2trash.py -A -o
>> -x 3600 -f"?
>>
>
> this is a two-sided question: if your sessions are growing because they
> are never deleted then sure, use the script as a cron task (the setup with
> nginx does it for you for the welcome app automatically
> https://github.com/web2py/web2py/blob/master/scripts/setup-web2py-nginx-uwsgi-ubuntu.sh#L145
> using uwsgi cron facilities).
> If instead they're growing because lots of different users access the
> application that needs them, you absolutely can't do anything, except
> following some best practices on using separate=True to avoid having speed
> penalties from the underlying filesystem (for tens of thousands of
> session files) or adopt the redis backend, that can handle millions of
> sessions very quickly.
> All of this is largely documented in the book at
> http://web2py.com/books/default/chapter/29/13/deployment-recipes
> Please note that with your commandline you'll delete sessions older than
> an hour, regardless of the expiration: this means that your users will have
> to log on after 1 hour of no activity, and that **could** be seen as a
> bummer.
>
>>
>> Thank you very much and kind regards!
>>
>
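
A way to confirm that the flag discussed above actually reaches the browser, as an added example that is not part of the original thread or of web2py: it parses `Set-Cookie` header values and reports whether the application's session cookie carries `Secure`. The cookie name `session_id_<app>` follows web2py's default naming, and the header values below are constructed samples.

```python
from http.cookies import SimpleCookie


def session_cookie_name(app):
    # web2py's default per-application session cookie name (assumed unchanged).
    return "session_id_" + app.lower()


def audit_session_cookie(set_cookie_headers, app):
    """Return a list of findings for the session cookie of `app`.

    `set_cookie_headers` is a list of raw Set-Cookie header values, one
    string per header, as captured from an HTTPS response.
    An empty list of findings means the session cookie was set with Secure.
    """
    name = session_cookie_name(app)
    findings = []
    seen = False
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)  # lenient parse; flag attributes become True
        if name not in jar:
            continue
        seen = True
        if not jar[name]["secure"]:
            findings.append(
                "%s is set without the Secure attribute; it can be sent "
                "over plain HTTP" % name
            )
    if not seen:
        findings.append("%s was not set in this response" % name)
    return findings


# Constructed sample headers: before and after adding session.secure() in a model.
WITHOUT_SECURE = ["session_id_app=constructed-sample-value; Path=/"]
WITH_SECURE = ["session_id_app=constructed-sample-value; Path=/; Secure"]

if __name__ == "__main__":
    for label, headers in (("before", WITHOUT_SECURE), ("after", WITH_SECURE)):
        result = audit_session_cookie(headers, "app")
        print(label, "->", result or "OK: Secure flag present")
```

Feed it the `Set-Cookie` values from a response of the deployed site (for example, copied from the browser's network inspector) instead of the constructed samples.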