Closed dbohannon closed 7 months ago
The session is paired up with uuid on client side's cookie so the PERMANENT_SESSION_LIFETIME
is essentially used to set the expiry of cookie.
While the session will be invalidated if the cookie is deleted or has expired, the session data remains on the server albeit never be accessed anymore.
However, I would prefer to have expired session data removed from the server but that will depend on the behavior of werkzeug.contrib.cache
package instead.
I doubt the files will be removed automatically but calling prune()
may be able to clear all expired session data.
werkzeug.contrib.cache is likely to be removed soon, as it is deprecated. Do you have any planning to use some other approach?
I am also facing similar issue with PERMANENT_SESSION_LIFETIME , which not removing data from session within mentioned time frame. I have used ServerSideSession
from flask_session.sessions import ServerSideSession
Should now be fixed from 0.6.0
As I understand the documentation, the user's session should be deleted automatically (server-side) when the SESSION_PERMANENT option is enabled and the session has been idle longer than the PERMANENT_SESSION_LIFETIME value. However, in my application the session file is never removed when using the FileSystemSessionInterface.
However, the session is removed server-side as expected when using the Redis interface. Am I missing something with the FileSystemSessionInterface?
Additionally, looking at the source, it appears that the PERMANENT_SESSION_LIFETIME is never passed to some of the other interfaces such as MongoDB or SQLAlchemy. Is the session automatically expired server-side when using these interfaces?