Closed (works as designed)
Project:
Shared Sign-On
Version:
5.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
24 Jan 2007 at 10:48 UTC
Updated:
26 Jan 2007 at 08:23 UTC
I don't know if this is by design or if there is a problem somewhere but with Single Sign-On enabled and having a shared sessions table, the table fills up with row upon row of sessions. These IP addresses of these sessions are often duplicated and often overlap with timestamps.
This does not relate to authenticated users though. Only the guest sessions are duplicated many times. The guest sessions themselves aren't the problem. It's the multiple sessions from the same IP address, often with overlapping timestamps. In my opinion there should generally only be one session per IP for guest users.
Comments
Comment #1
danielc commentedThe sessions are maintained through cookies. The cookies are tied to a browser to preserve state for that particular instance. They can't be tied to an IP address.
Comment #2
denney commentedOfcourse, I knew that. What I should have said is how come there are so many of these sessions from each IP address? Most of the IP addresses trace back to either Googlebot or Yahoo! Slurp. Shouldn't they only use 1 cookie....
Anyway, back on topic. The real problem is that the sessions aren't removed from the session table when the session times out. They are removed if you log out manually.