Every time a session is loaded or created there is a certain probability (specified by the cleanupProbabilty parameter of the web.session.manager() function) that the session module will look through all sessions to see which ones have expired, removing session information and expired sessions as necessary. This means sessions are not necessarily get destroyed when they expire.
Setting the cleanup parameter too high means unnecessary work is done checking expired session more than is needed. Too low and data may persist for a long time meaning that it takes a long time to cleanup the sessions once the cleanup process is finally begun.
System administrators can manually cleanup sessions using the manager instance's cleanup()
method. Using the method without parameters removes all expired sessions. The method also accepts min and max to specify the range of expiry times to cleanup. You can also cleanup sessions which have not yet expired but this is dangerous for the same reasons destroying current sessions is and will raise a SessionWarning
. To ignore the warning set the parameter ignoreWarning to True
.