On Thu, Mar 3, 2011 at 9:28 AM, Christoph Zwerschke <cito@online.de> wrote:
IMHO the most simple solution would be to keep a "dirty flag" (set
whenever __setitem__ or __delitem__ is called for the session) and then
save the session only when the dirty flag has been set. This will also
be good for performance. We could also add an AppConfig setting for
manual saving (False by default to maintain backward compatibility). In
this case, the dirty flag would not be set automatically, but by calling
a save() method on the session.

But I'm already seeing a problem with that approach: Since the
lastAccessTime is stored along with the session, it will not get updated
if the session is not saved, so the session will expire too early if the
user does not do anything that alters the session.
 
I kind of don't care if the lastAccessTime isn't updated in this session saving "mode". We use very long session expiry times so if a "read only" user had to relogin a little more frequently I don't think it would be an issue that anyone would notice. Also for our system at some point they will perform an action that modifies the session.

Since this is a new feature which Webware users would have to turn on I'd recommend we do "the simplest thing that works" and provide a new config setting for Sessions that takes multiple values:
"EveryRequest" - default and current functionality
"WhenChanged" - only saves when add/delete has been called

Best Regards,
Steve