Database error with signed browser cookie-based sessions

[peterbispham]

Hi there

First of all thanks for a great utility. Thought I'd flag an issue I noticed in case it helps.

When using signed browser cookies, the session_key parameter can become rather large and on my postgres database I'm getting these errors:

<class 'django.db.utils.DataError'> value too long for type character varying(40), referer: https://....

Raised in a call such as the following: hit_count = HitCount.objects.get_for_object(article) hit_count_response = HitCountMixin.hit_count(request, hit_count) . <-- this call

This is when using session middleware: SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' When reverting to database cookies which appear to be 32 chars in length then all is well.

SESSION_ENGINE = 'django.contrib.sessions.backends.db' Might not be something you plan to support but thought I'd flag it in case anyone else is getting the same issue. The side-effect is that hits are not being stored in the session so every time a page is loaded it contributes a hit to the total.

Django 2.0.13 Python 3.7.4

Thanks :)

[siovene]

Hi @peterbispham, I have the same problem. Did you find a workaround? Thanks!

[peterbispham]

@siovene only the workaround I mentioned above, i.e. using database cookies. I didn't find any other solution. I'm not using hitcount at the moment so can't be any more help than that, sorry.

[siovene]

@peterbispham I'm afraid changing the session engine is not an option for me, for performance reasons and also because I don't want to log out tens of thousands of users with this update. Do you know how large the session key can get with the signed cookie engine? I will fork django-hitcount to make the session property accept larger values.

[peterbispham]

Not sure if it's a fixed size but the max cookie size in a browser is 4096 bytes I think so if you could handle that then you should be fine. Good luck :)