How long before deleting sessions?


#1

What is the recommended amount of time to keep sessions around in the
database (i store them in a sessions table). IF you get 1 million
requests
per day you are going to get 1 million new session entries in the DB.
This
would need some serious cleaning so just wondering what a safe cleanup
time
would be.

Also does anyone know how to prevent new sessions records from being
created
if session vars are not needed? This seems like a lot of work for no
reason.

thanks
adam


#2

On May 12, 2006, at 8:10 AM, Adam D. wrote:

What is the recommended amount of time to keep sessions around in
the database (i store them in a sessions table). IF you get 1
million requests per day you are going to get 1 million new session
entries in the DB. This would need some serious cleaning so just
wondering what a safe cleanup time would be.

Databases happily eat millions of rows with no trouble. Put an index
on session_id and set up a cron job to ‘delete from sessions where
updated_at < ?’ every now & then.

Also does anyone know how to prevent new sessions records from
being created if session vars are not needed? This seems like a lot
of work for no reason.

Turn sessions off if you don’t use them:
http://api.rubyonrails.org/classes/ActionController/
SessionManagement/ClassMethods.html#M000102

jeremy


#3

well i was kind of asking how long a session should remain in the DB.
so
update_at < ? should be how many days ?

Also I do need sessions, I didnt think i needed an entry in the DB for
one
if a session never got populated. Seems like overkill to me especially
for
a website that gets tons of traffic.

thanks
adam


#4

Even if you don’t explicitly use a session, it will be created unless
you turn them off in your environment.rb ( it may be turned off
somewhere else, I’m not near my normal computer to check).

Charlie B.
http://www.recentrambles.com


#5

Adam D. wrote:

well i was kind of asking how long a session should remain in the DB.
so update_at < ? should be how many days ?

That depends on your application. What makes sense for your app? If you
have a news site, it probably makes sense for the session to expire in a
couple of days. If you have a store, you might want the contents of
someone’s shopping cart to reappear even if they haven’t visited for a
couple of months.

It’s worth thinking a little about the dynamics of the session
population which vary among different types of sites.

If you are planning for 1 million visits per day, how many of those are
new visitors? Are you using cookies, or logins, to reattach users to
their sessions? That means that you aren’t going to be adding 1 million
new rows to the session table, only some fraction that depends on the
number of new users.

If 90% of your visitors are returning in the interval before your
sessions expire, that means that your db is only growing by 100,000 new
sessions per day.

On the other hand, if 90% of your visitors are new, then your sessions
table is growing by 900,000 per day.

If 90% of your visitors are new, then there probably isn’t much value in
the state of you application, so you can expire sessions more quickly,
but if 90% of your visitors are returning, there is probably some value
in holding onto the state longer.

Also I do need sessions, I didnt think i needed an entry in the DB for
one if a session never got populated. Seems like overkill to me
especially for a website that gets tons of traffic.

If you store your sessions in the db, then you need a entry in the db.
You have already made that decision unless you are willing to undertake
the effort of developing a two-tier session store. You could mark some
sessions as keepers based on rules that only you know, but unless you
have evidence that this is really a problem, I wouldn’t bother.

Ray


#6

“Adam D.” removed_email_address@domain.invalid
writes:

What is the recommended amount of time to keep sessions around in the
database (i store them in a sessions table). IF you get 1 million requests
per day you are going to get 1 million new session entries in the DB.

Not really, a session is not created per request. Rather it is
associated with
a certain user, machine and a browser combination.

This
would need some serious cleaning so just wondering what a safe cleanup time
would be.

A session can be cleaned up when the user logs out.

Also does anyone know how to prevent new sessions records from being created
if session vars are not needed? This seems like a lot of work for no reason.

Don’t store anything in the session, and I think you should be good.

Hope this helps.

Surendra S.
http://ssinghi.kreeti.com, http://www.kreeti.com
Read my blog at: http://cuttingtheredtape.blogspot.com/
,----
| “O thou my friend! The prosperity of Crime is like unto the lightning,
| whose traitorous brilliancies embellish the atmosphere but for an
| instant, in order to hurl into death’s very depths the luckless one
| they have dazzled.” – Marquis de Sade
`----