On 20 May 2002, I said: > BTW thank you -- I have been liking the name 'is_empty()' less and less, > but I couldn't think of what it *should* be called. 'is_dirty()' is the > obvious answer -- duh! Crap. Making this change is philosophically incompatible with the current implementation of SessionManager.maintain_sessions(), which goes to considerable lengths to rid itself of sessions that have not had any useful data put in them: if self.sessions.has_key(session.id): # session already saved if session.is_empty(): # but no use keeping it around del self.sessions[session.id] self.revoke_session_cookie(request) This is all a defence against stupid/malicious clients that ignore both session cookies and robots.txt. (We use robots.txt to steer robots away from areas of our site that require a session, namely the login page and anything that requires logging in. If a robot goes to our login page anyways and gets a session cookie, then it's still OK as long as it returns that session cookie on future requests. If it doesn't, though, then our server is stuck with creating a new session for every request made by this stupid robot. If we then save every one of those sessions to our database, we come in in the morning and find 10,000 empty sessions in our database when we normally have a few hundred. Yuck.) However, I think the logic in maintain_sessions() is flawed: the only place where we add sessions to the sessions dict is in the other branch of the "if" statement I just showed: else: # session not in sessions dict (yet) if not session.is_empty(): # must save it in the dictionary of sessions and drop # a cookie on the client so that it can be found again self.sessions[session.id] = session self.set_session_cookie(request, session.id) IOW, we never put empty sessions in the sessions dict in the first place. So the first half of maintain_sessions() is pointless. Neil, does this sound right to you? Or am I smoking pot / missing some vital point / blinded by science / whatever? If I'm right, then maintain_sessions() can be chopped in half and is_dirty() can replace is_empty(). I'll play around a bit with that and see what breaks. Greg -- Greg Ward - software developer gward@mems-exchange.org MEMS Exchange http://www.mems-exchange.org