[IMP] session_db: add method delete_from_identifiers #3415
Conversation
|
Hi @sbidoul, |
maq-adhoc
force-pushed
the
18.0-H-101032-MAQ
branch
from
1e6ce46 to
c9b513f
Compare
|
Ah I had not noticed If I'm not mistaken, the identifiers provided to that method are the first 42 characters of the sid. It handled that in the 19.0 migration. You may want to review #3413 and then extract the relevant part for 18. |
maq-adhoc
force-pushed
the
18.0-H-101032-MAQ
branch
2 times, most recently
from
0fc95f6 to
a529c9d
Compare
|
@sbidoul Perfect, I backported 19. Regards |
Added the delete_from_identifiers method to PGSessionStore.
This method allows bulk deletion of session records from the http_sessions table
based on a list of session identifiers (sid). It is triggered from the backend
via the "Revoke" button
maq-adhoc
force-pushed
the
18.0-H-101032-MAQ
branch
from
a529c9d to
cc50d2a
Compare
sbidoul
changed the title
| @with_cursor | ||
| def delete_from_identifiers(self, identifiers: list[str]) -> None: | ||
| for identifier in identifiers: | ||
| if not sessions._sha1_re.match(identifier): |
There was a problem hiding this comment.
_sha1_re is not the same regex as _session_identifier_re. Why do you change this?
There was a problem hiding this comment.
hi @sbidoul
The module imports the sessions class from odoo.tools._vendor import sessions.
The generate_key method it calls is this one: https://github.com/odoo/odoo/blob/18.0/odoo/tools/_vendor/sessions.py#L33-L37 which creates a SHA (40 characters) and not a 42-character identifier.
I understand that we could modify the FilesystemSessionStore class to inherit from FilesystemSessionStore (https://github.com/odoo/odoo/blob/18.0/odoo/http.py#L911) and ensure consistent behavior. However, we would have to remove the validations to avoid errors with existing sessions.
Since we are on a stable version with many productive installations, I prefer to be conservative with the changes. I look forward to hearing your opinion.
There was a problem hiding this comment.
Ah, I see. And in 19, we don't have that problem because we use the generate_key method from FileSystemSessionStore here:
server-tools/session_db/pg_session_store.py
Line 142 in 7937302
Is that right?
So maybe we should do the same here, and support both regexes in delete_from_identifiers?
3 participants
Added the delete_from_identifiers method to PGSessionStore.
This method allows bulk deletion of session records from the http_sessions table based on a list of session identifiers (sid). It is triggered from the backend via the "Revoke" button