Closed markhobson closed 4 months ago
In production, if performance is an issue, you want to serve your static files directly through your HTTP server, not through Flask. Then this doesn't apply anyway. In other cases, you may want to serve static files with other conditions applied, at which point it's not clear sessions should always be excluded. I don't think it's worth adding the complexity of implementation and explanation to Flask itself, especially when it's already possible to write a custom session (a completely supported and intended public API) to do whatever you want for your case.
Thanks for the swift reply. I appreciate it's not core functionality, perhaps something that Flask-Session would consider instead.
I don't think it makes sense there either, for the same reasons.
Every HTTP request currently results in an HTTP session being opened via
SessionInterface.open_session
. When a server-side session implementation is used, like Flask-Session, this results in storage writes to update the expiry date. Requests for static resources are also subject to this, which can degrade performance.It would be useful to easily opt static resources out of sessions. Currently this is only possible with a custom session interface, for example:
Configured with: