OZtree icon indicating copy to clipboard operation
OZtree copied to clipboard
verified publisher icon OneZoom

Trim down overuse of session data, rework session storage

Open hyanwong opened this issue 7 years ago • 7 comments

I have a nasty feeling that the OZ website sends and stores a lot of session information that we don't need. It would be very good to reduce this load, which should increase response times etc.

hyanwong avatar Apr 23 '18 20:04 hyanwong

It does!

# find ./ -type f -mtime +90 | wc -l
   90420
# find ./ -type f -mtime +60 | wc -l
   90689
# find ./ -type f -mtime +30 | wc -l
  152217
# find ./ -type f -mtime +15 | wc -l
  180834
# find ./ -type f -mtime +10 | wc -l
  180834
# find ./ -type f -mtime +5 | wc -l
  180836
# find ./ -type f -mtime +1 | wc -l
  180840
# find ./ -type f | wc -l
  180844

I'm guessing most of these are the site getting spidered.

We should:

  • [ ] Sprinkle session.forget() everywhere we can
  • [ ] Rework uses of session.flash() so we can sprinkle it there too
  • [x] Consider switching to http://web2py.com/books/default/chapter/29/13/deployment-recipes#Sessions-in-database if we can't get it down to a handful of sessions
  • [x] Add a line to supervisord to http://web2py.com/books/default/chapter/29/13/deployment-recipes#Cleaning-up-sessions

lentinj avatar Jul 19 '23 10:07 lentinj

This all sounds good to me. Do we have any Jamie time left to e.g. do the first two. I assume it's not that much work...

hyanwong avatar Jul 19 '23 10:07 hyanwong

It's not that much work. It'd be nice not to have to do though, and have session.forget being the "default". However, I'd assume this requires patching web2py.

OTOH, we could modify the "run all the controllers" unit test to make sure sessions have been forgotten.

lentinj avatar Jul 19 '23 10:07 lentinj

Could we, instead of sprinkling session.forget everywhere, put it once in models/db.py? That would make it a lot harder to forget.

The users of session.flash would need exceptions to this though.

lentinj avatar Apr 15 '24 09:04 lentinj

Could we, instead of sprinkling session.forget everywhere, put it once in models/db.py?

I would be happy to do that, if it works. Are there any recommendations for this: I'm assuming other people have hit the same issue too.

hyanwong avatar Apr 15 '24 10:04 hyanwong

I would be happy to do that, if it works

I'm not entirely sure how it'd interact with the authentication, but I think it's worth trying.

Are there any recommendations for this

Putting session.forget() everywhere was the recommendation IIRC.

lentinj avatar Apr 15 '24 10:04 lentinj

I think we save this for a future update: it's not high priority, as it all works ATM, and I don't want to risk breakage re authentication, but we can easily make it the first issue post-release of the new "Metallic Blue Lady Beetle" tours version.

hyanwong avatar Apr 15 '24 10:04 hyanwong