If not request.function=='user': session.forget() will prevent saving sessions for all controller functions but the 'user' one which handles login.
On Sep 29, 1:56 am, hywang <why00...@163.com> wrote: > when some one visits my site , a new session file will be created. > Then there is a risk : if somebody connects to my site with lots of > robots again and again, hundreds of session files will be generated in > seconds, deleting session files periodically has no use at all . > > "session.forget()" prevents user login, so I can not do this. > > How can I solve this ? > > thank you.
