This way reduce the harm but can not solve it. Session should be controlled by every controller but not by new connection.
On 9月29日, 下午4时47分, Jason Brower <encomp...@gmail.com> wrote: > I think there is a way to save the sessions to a database. It's in the > book if I am not mistaken. > BR, > Jason Brower > > On 09/29/2010 09:56 AM, hywang wrote: > > > when some one visits my site , a new session file will be created. > > Then there is a risk : if somebody connects to my site with lots of > > robots again and again, hundreds of session files will be generated in > > seconds, deleting session files periodically has no use at all . > > > "session.forget()" prevents user login, so I can not do this. > > > How can I solve this ? > > > thank you. > >
