Forum: Ruby on Rails how long before deleting sessions ?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
F15fdc7cb2e911b3808837f2be244add?d=identicon&s=25 Adam Denenberg (Guest)
on 2006-05-12 17:14
(Received via mailing list)
What is the recommended amount of time to keep sessions around in the
database (i store them in a sessions table).  IF you get 1 million
requests
per day you are going to get 1 million new session entries in the DB.
This
would need some serious cleaning so just wondering what a safe cleanup
time
would be.

Also does anyone know how to prevent new sessions records from being
created
if session vars are not needed? This seems like a lot of work for no
reason.

thanks
adam
24d2f8804e6bb4b7ea6bd11e0a586470?d=identicon&s=25 Jeremy Kemper (Guest)
on 2006-05-12 18:50
(Received via mailing list)
On May 12, 2006, at 8:10 AM, Adam Denenberg wrote:
> What is the recommended amount of time to keep sessions around in
> the database (i store them in a sessions table).  IF you get 1
> million requests per day you are going to get 1 million new session
> entries in the DB.  This would need some serious cleaning so just
> wondering what a safe cleanup time would be.

Databases happily eat millions of rows with no trouble. Put an index
on session_id and set up a cron job to 'delete from sessions where
updated_at < ?' every now & then.


> Also does anyone know how to prevent new sessions records from
> being created if session vars are not needed? This seems like a lot
> of work for no reason.

Turn sessions off if you don't use them:
   http://api.rubyonrails.org/classes/ActionController/
SessionManagement/ClassMethods.html#M000102

jeremy
F15fdc7cb2e911b3808837f2be244add?d=identicon&s=25 Adam Denenberg (Guest)
on 2006-05-12 18:57
(Received via mailing list)
well i was kind of asking how long a session should remain in the DB.
so
update_at < ? should be how many days ?

Also I _do_ need sessions, I didnt think i needed an entry in the DB for
one
if a session never got populated.  Seems like overkill to me especially
for
a website that gets tons of traffic.

thanks
adam
D449d54c3b0f8c9930c11c7d7d3e6cdd?d=identicon&s=25 Surendra Singhi (Guest)
on 2006-05-12 19:03
(Received via mailing list)
"Adam Denenberg" <straightflush@gmail.com>
writes:

> What is the recommended amount of time to keep sessions around in the
> database (i store them in a sessions table).  IF you get 1 million requests
> per day you are going to get 1 million new session entries in the DB.

Not really, a session is not created per request. Rather it is
associated with
a certain user, machine and a browser combination.
>This
> would need some serious cleaning so just wondering what a safe cleanup time
> would be.
>
A session can be cleaned up when the user logs out.

> Also does anyone know how to prevent new sessions records from being created
> if session vars are not needed? This seems like a lot of work for no reason.
>
Don't store anything in the session, and I think you should be good.

Hope this helps.
--
Surendra Singhi
http://ssinghi.kreeti.com, http://www.kreeti.com
Read my blog at: http://cuttingtheredtape.blogspot.com/
,----
| "O thou my friend! The prosperity of Crime is like unto the lightning,
| whose traitorous brilliancies embellish the atmosphere but for an
| instant, in order to hurl into death's very depths the luckless one
| they have dazzled." -- Marquis de Sade
`----
89d967359903c639d31e4cad4569f537?d=identicon&s=25 Charlie Bowman (Guest)
on 2006-05-12 19:10
(Received via mailing list)
Even if you don't explicitly use a session, it will be created unless
you turn them off in your environment.rb ( it may be turned off
somewhere else, I'm not near my normal computer to check).

Charlie Bowman
http://www.recentrambles.com
E28c35323f624b8b9ed8712e25105454?d=identicon&s=25 Ray Baxter (Guest)
on 2006-05-13 01:11
(Received via mailing list)
Adam Denenberg wrote:

> well i was kind of asking how long a session should remain in the DB.
> so update_at < ? should be how many days ?

That depends on your application. What makes sense for your app? If you
have a news site, it probably makes sense for the session to expire in a
couple of days. If you have a store, you might want the contents of
someone's shopping cart to reappear even if they haven't visited for a
couple of months.

It's worth thinking a little about the dynamics of the session
population which vary among different types of sites.

If you are planning for 1 million visits per day, how many of those are
new visitors? Are you using cookies, or logins, to reattach users to
their sessions?  That means that you aren't going to be adding 1 million
new rows to the session table, only some fraction that depends on the
number of new users.

If 90% of your visitors are returning in the interval before your
sessions expire, that means that your db is only growing by 100,000 new
sessions per day.

On the other hand, if 90% of your visitors are new, then your sessions
table is growing by 900,000 per day.

If 90% of your visitors are new, then there probably isn't much value in
the state of you application, so you can expire sessions more quickly,
but if 90% of your visitors are returning, there is probably some value
in holding onto the state longer.

> Also I _do_ need sessions, I didnt think i needed an entry in the DB for
> one if a session never got populated.  Seems like overkill to me
> especially for a website that gets tons of traffic.

If you store your sessions in the db, then you need a entry in the db.
You have already made that decision unless you are willing to undertake
the effort of developing a two-tier session store. You could mark some
sessions as keepers based on rules that only you know, but unless you
have evidence that this is really a problem, I wouldn't bother.

--

Ray
This topic is locked and can not be replied to.