Hi, We found there are lots of empty records(load() returns an empty dict) in django_session table.
We suspect it was caused by invalid session keys sending by our users. I created ticket #19324(which I copied below) to describe the problem: https://code.djangoproject.com/ticket/19324#ticket Hope to get your feedback, thanks a lot. Ticket description: db session store calls self.create when no record is found for the session key, which causes an empty record inserted. Is this necessary? This gives chance to user to fill the session table with empty records by sending invalid session keys. is it more appropriate to set session_key to be None in this case? current implementation: def load(self): try: s = Session.objects.get( session_key=self.session_key, expire_date__gt=timezone.now() ) return self.decode(s.session_data) except (Session.DoesNotExist, SuspiciousOperation): self.create() return {} suggested implementation: def load(self): try: s = Session.objects.get( session_key=self.session_key, expire_date__gt=timezone.now() ) return self.decode(s.session_data) except (Session.DoesNotExist, SuspiciousOperation): self.session_key = None return {} -- Robert Liang -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
