lino.modlib.users plugin also provides functionality for monitoring
This feature is popular on production sites with relatively few users (less than 100), It requires the database back-end for managing sessions, which is the default behaviour for a Lino site (Lino site maintainers usually don't need to care about How to use sessions).
User sessions can remain in the database even when the user doesn't actually need them any more. We call them dangling sessions.
Dangling sessions can cause "false alerts" on a site with a sessions limit, i.e. Lino would say "There are more than X active user sessions. Please try again later" although "in reality" these users aren't actively working on the site.
Don't mix up dangling sessions with expired
sessions. Sessions have a given time to live, and they expire after that
time. Expired sessions are never shown in the
Sessions table and aren't
taken into account for the sessions limit. Besides using up database
space they don't disturb. Django has an admin command to clean up these
periodically (Clearing the session store).
The site maintainer can configure how long Lino should remember user sessions
SESSION_COOKIE_AGE setting. The default value for this
setting is two weeks.
Dangling sessions can come because user sessions are deleted only when the user logs out explicitly. When a user just closes their browser on one device and logs in from another device, they get a second session, and their first session will remain in the database. Don't expect Lino to remove this session automatically because after all the user might open their first browser again after some time and expect Lino to remember them.
Other possible reasons for dangling sessions are browsers having the option "Delete cookies and site data when browser is closed", or private browser sessions. We have seen situations where a same user had more than 1000 dangling sessions.
To help with detecting dangling sessions, Lino adds the Last activity column
Sessions table. When you see a session with last activity 4
days ago, you may probably assume that it is a dangling session.
There are several ways to handle false sessions limit alerts:
Reduce the value of
SESSION_COOKIE_AGE, e.g. two days instead of two weeks.
SESSION_EXPIRE_AT_BROWSER_CLOSEto True so that sessions expire when the browser closes.
Instruct users to explicitly log out when they don't use Lino.
Increase the sessions limit.
Have the site manager checkand manually kill some dangling sessions.
As a developer you can use the
lino_book.projects.apc project to
interactively explore how Lino behaves regarding sessions. The
settings/__init__.py contains some comments. The project also contains a
show_sessions.py to be run using the
pm run admin
$ pm run show_sessions.py
The following concepts have been covered by this documentation page.
- sessions limit¶
The maximum number of simultaneous user sessions that are allowed on a Lino site.
- dangling session¶
A user session that is not yet expired, but isn't being used actively.
- user session¶
A database entry that is automatically created when a given site user logs in from a given device or browser.