Ben Parker wrote:
> If nobody else has figured this one out, I just did. We use a database
> backed session store and I came across this after noticing extra db hits
> for pages which did not use the session.
> The problem is that HTTPResponse.recordSession() is referencing
> transaction.session() instead of transaction._session when checking for
> the existence of (and therefore need to save/send cookie for) the
> Session. The session() method creates the session if it did not exist,
> which defeats the purposes of what recordSession() is trying to do, and
> ends up creating a Session object for every request.
Thanks a lot for the patch, I have applied this in r7032. Strange that
nobody had noticed this so far.
Actually, there is also a hasSession() method, but checking the _session
attribute is the right thing here. The cookie needs only be sent when
the session really has been used.