Closed bmakan closed 5 months ago
This is from a server where I have several session keys:
And this is from a server which has 1.2mil session objects:
500+MB of nothing.
Try setting SESSION_COOKIE_SECURE to False.
You can set it back when you have https.
Met the same issue, SESSION_PERMANENT=False works for me, while SESSION_COOKIE_SECURE=False doesn't work.
Maybe it is related to a SameSite issue. Try to change SESSION_COOKIE_SAMESITE and SESSION_COOKIE_SECURE.
@bmakan I've added some changes in the development branch, which I believe may have solved the issues. Are you able to install locally to test? Thanks
pip install git+https://github.com/pallets-eco/flask-session.git@development
# app.config['SESSION_PERMANENT'] = False
After several page refreshes and various other requests going through, I still only see one session stored in redis which corresponds to the one I see in the browser's cookie.
Once I removed the cookie from the browser, a new one was stored in redis as well. As expected.
Looks good to me.
Awesome, thanks!
Fixed in 0.6.0
This was already mentioned in https://github.com/pallets-eco/flask-session/issues/19.
I use the flask-session to store authentication data of the users. This is usually done once - when the user logs in for the first time. But whenever I refresh the page, I see a few new session entities stored in redis.
Here's an example from redis-cli:
The authentication session is fe8977c2-34a9-4945-acc0-6c6821944b9f. But when I check any of the random entries, it looks to be empty:
I was able to fix this by setting:
The default value is True though and this means everyone is having their servers flooded with empty sessions needlessly.

Also, with the setting set to False, I expected I would have to explicitly say when I want to store the session, e.g. session.permanent = True, but this wasn't the case. The authentication session was stored properly anyway.

Is this behavior intended? What's the use case for it?
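A simplified model of the behaviour reported in this issue, as an added example that is not Flask-Session's code: a server-side store that writes a session for every request fills up with empty entries whenever requests arrive without a session cookie, while a store that skips new, empty sessions keeps only the authenticated one. `Store`, `handle_request`, `simulate` and the `skip_empty` flag are hypothetical names for this sketch, and the dict stands in for redis.

```python
import uuid


class Store:
    """Stand-in for the server-side backend (e.g. redis); constructed for this example."""

    def __init__(self):
        self.data = {}


def handle_request(store, cookie_sid=None, login_user=None, skip_empty=False):
    """Process one request; return the session id sent back in the cookie, or None."""
    if cookie_sid in store.data:
        # Known cookie: load the existing session.
        sid, session, is_new = cookie_sid, dict(store.data[cookie_sid]), False
    else:
        # No cookie (or an unknown one): a fresh, empty session is opened.
        sid, session, is_new = str(uuid.uuid4()), {}, True
    if login_user:
        session["user"] = login_user
    if skip_empty and is_new and not session:
        return None  # nothing to remember: no store write, no cookie
    store.data[sid] = session  # eager behaviour: every request writes a record
    return sid


def simulate(skip_empty, refreshes=1000):
    """Return (total stored sessions, empty stored sessions) after a traffic mix."""
    store = Store()
    auth_sid = handle_request(store, login_user="alice", skip_empty=skip_empty)
    # The logged-in browser returns its cookie and keeps reusing one record.
    for _ in range(3):
        handle_request(store, cookie_sid=auth_sid, skip_empty=skip_empty)
    # Requests that never carry the cookie: each one opens a new session.
    for _ in range(refreshes):
        handle_request(store, skip_empty=skip_empty)
    empty = sum(1 for s in store.data.values() if not s)
    return len(store.data), empty


if __name__ == "__main__":
    print("eager save:", simulate(skip_empty=False))
    print("skip empty:", simulate(skip_empty=True))
```

Counting empty records against total records in the real backend is the same check an operator can use to tell whether a deployment is affected.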