I use sessions in Django to store user information as well as other information. I read through the Django session site and still have a few questions.
On the Django website:
By default, Django stores sessions in your database (using the django.contrib.sessions.models.Session model). Although this is convenient, in some it configures it faster to store session data in another place, so Django can be configured to store session data of your file system or in your cache.
also:
For persistent cached data, set SESSION_ENGINE to django.contrib.sessions.backends.cached_db . This uses a cache entry - each cache entry will also be written to the database. The session reads use only the database if the data is not already in the cache.
Is there a good rule of thumb for which to use? cached_db seems that it will always be the best choice, because the best case, the data is in the cache, and in the worst case, in the database, where it will be anyway. The only downside is installing memcached.
By default, SESSION_EXPIRE_AT_BROWSER_CLOSE set to False , which means session cookies will be stored in users browsers for as long as SESSION_COOKIE_AGE . use this if you do not want people to log in every time they open a browser.
Is it possible to have both, the session expires in the browser close And give age?
If the value is an integer, the session will expire after this many seconds passivity. For example, calling request.session.set_expiry(300) to make the session expire after 5 minutes.
What is considered "inactivity"?
If you use a database backend, note that session data may accumulate in the django_session database table and Django does not automatically purge. Consequently, it is your job of cleaning up expired sessions on a regular basis.
Thus, this means that even if the session has expired, there are still entries in my database. Where exactly could the code for "cleaning db" be put? I feel that you will need a separate thread to just go through db every time after a while (every hour?) And delete any expired sessions.