Server-side sessions should have an expiry date (updated on each interaction), after which they should be removed from the server to free the memory.
To decide: what happens if client connects after session expires? Should his session data be treated as dirty and should they be handed a new session, or should server try to 'restore' the session somehow from the data sent by client.
Server-side sessions should have an expiry date (updated on each interaction), after which they should be removed from the server to free the memory.
To decide: what happens if client connects after session expires? Should his session data be treated as dirty and should they be handed a new session, or should server try to 'restore' the session somehow from the data sent by client.