In HTTPResponse.recordSession() I changed:
cookie = Cookie('_SID_', sess.identifier())
Currently, sessions are created on demand. That means the user may have
already browsed into the subdirectories of a site when the session id is
first recorded in a cookie. I guess by default, cookies are associated with
the URI of the request (say http://localhost/a/b/c/) and only work for that
URI or ones underneath it.
Also, I added this to Application's config settings:
If you turn that on you get debugging output. We can expand this with other
items. Typical usage looks like:
debug = self.setting('Debug')['Sessions']
if debug: prefix = '>> [session] isSessionIdProblematic:'
if debug: print prefix, 'session expired:', sid