mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
61545d1b8d
Currently, sessions are created as files in /var/lib/plinth/sessions. If a user does not logout, the sessions remains there ever after expiry. Cleanup these accumulating files by running a cleanup job every week. Adding django.contrib.sessions to apps list necessary to ensure that 'clearsessions' management command is available. This creates an empty database table for session storage but is harmless. Tests performed: - When run with the change for first time, migration is run for django.contrib.sessions app. - Change the scheduled interval to 30 seconds in the code. Login as a user. A new session file is created in data/var/lib/plinth/sessions. Forward the system clock by at least 2 weeks. The session expires. Within 30 seconds the file is also removed. - Login, then remove the django-secret.key. In 30 seconds we see a message that the session data is corrupt. Advance the clock by at least 2 weeks. The session file is removed and the message about session data is no longer printed. - Repeat for system level plinth after `./setup.py install` and `sudo -u plinth plinth`. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>