Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
size of table GDN_Session
udovdh
New
Hello,
Is GDN-Session supposed to grow and grow?
Can we prune this table?
Or is it automagic?
Kind regards,
Udo
0
Comments
@udovdh You can safely prune the table. Deleting recent entries could log some folks out, but that's the worst that could happen.
What SQL does work to delete records with a modification date one month ago?
When you use a tool like phpMyAdmin and you delete one line with the GUI, you'll see the SQL it uses to delete that row:
Simply alter that to
Thanks, this appears to work!
It shouldn't.
Gnd_Session has to do with stashing of values. It is nothing to do with authentication, which is HMAC. The concept of using HMAC is you don't store the authentication session anywhere on the sever, so it couldn't be jack-potted that way.
Also it reinforces the idea of the stateless protocol. There really is no such thing as being "logged in". Session only exist so long as you have the credentials, it won't rely on a reference in the database.
What would log everyone out would be to change salt, etc.
Stash is rarely used for stashing more than a between a single request, maybe a handful of request. So you could aggressively prune it.
Also consider that stash SessionID is not goign persist for longer than the actual cookie associated with it, which is not the same as the authentication cookie.
The authentication cookie name is Vanilla (you can change it). Only if Stash is being used will you have another cookie VanillaSessionID. Stash is able to work for guest also, it depends how you use it.
grep is your friend.