Clarify session.delete() behavior #189
Comments
|
As I understand from code, the delete() method does not delete sessions but saves them without values. So it is possible to read them back knowing the ID, but there will be no useful data. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I was looking at the beaker documentation about session.delete() method. There it says:
"Calling the delete() method deletes the session from the back-end storage and sends an expiration on the cookie requesting the browser to clear it:"
https://beaker.readthedocs.io/en/latest/sessions.html#deleting
However a few lines further we have:
"Removing Expired/Old Sessions
Beaker does not automatically delete expired or old cookies on any of its back-ends. This task is left up to the developer based on how sessions are being used, and on what back-end."
https://beaker.readthedocs.io/en/latest/sessions.html#removing-expired-old-sessions
Looking at the code it indeed seems to no clean-up cookies from any non-transient storage. May I have your help to double check if this is the right behaviour? I mean, on delete()'s documentation it claims it removes the old session/cookies from back-end storage on the other hand "Removing Expired/Old Sessions" states cookies are not deleted from the back-end.
The text was updated successfully, but these errors were encountered: