Thanks for the responses Neil, Titus.  I'll stick with my sql based
solution and titus' "don't bother" approach to session expiration :-)

Cheers,

Jamie

> (just for the alternate view ;)
>
> I don't bother -- in my SQL-based session persistence mechanism, I just
> tack on a WHERE clause:
>
> """
> SELECT user_id, quixote_session_id, remote_addr, created, last_access,
>        current_folder_id, lab_id
>           FROM sessions
>            WHERE quixote_session_id=%(session_id)s AND
>                 last_access > now() - %(expiry)s::INTERVAL
> """
>
> The 'sessions' table can be cleaned out at any point, of course.
>
> cheers,
> --titus