search

yesodweb / yesod

A RESTful Haskell web framework built on WAI.
http://www.yesodweb.com/
MIT License
2.63k stars 369 forks source link

check session size limit #557

Closed blueonyx closed 6 years ago

blueonyx commented 11 years ago

hi,

so i'm combining setSession, redirect and setMessage to redirect with message when there is no session data and also to setSession, redirect and lookupSession.

i think so far this should be possible with yesod, or?

1) when run with yesod devel i get this output in console:

>8
recv: resource vanished (Connection reset by peer)
>8

and in the browser i see the "App not ready, please refresh" page and get redirected to my homepage. which is unexpected.

2) when i run using cabal install && myapp Development there is no error and my message appears. this is better, but it still is erronous, because i believe the session data gets set, but is lost after the redirect.

have fun martin

snoyberg commented 11 years ago

Without sample code, there's no way to diagnose the problem.

blueonyx commented 11 years ago

of course, but i dont want to publish my project yet, neither can i abstract a small counter example, because they all work :sadpanda:

blueonyx commented 11 years ago

ok, i think the problem is that i try to store 7.3kb in my session. :->

the limit seems to be around 2.5kb.

what shall i do?

snoyberg commented 11 years ago

If you really need that much session storage, you should put the data itself in a database and just store a key to the data in the user's session.

gregwebs commented 11 years ago

Is it possible to create a better error message?

blueonyx commented 11 years ago

If i boil it down to BigSession.hs i sometimes get Nothing from lookupSession which is better, but clearSession doesnt seem to work always (see description).

furthermore, is it possible to run a single file webapp with yesod devel? because runhaskell BigSession.hs doesnt give the recv error.

meteficha commented 11 years ago

@gregwebs Perhaps we should have a limit that's checked every time the session is serialized. The limit may be overridden by manually instantiating the clientsession backend.

snoyberg commented 9 years ago

Closing out old issues, if still relevant please open a new one.

nhooyr commented 7 years ago

Any progress on this?

snoyberg commented 7 years ago

Felipe created the serversession packages, which would be a good solution in general. The original advice (don't store so much in your session) still applies.

StevenXL commented 6 years ago

Closing this issue as there seems to be a solution and there has been no activity in over a year.