gitlab-org--gitlab-foss/changelogs/unreleased/sh-limit-unauthenticated-session-times.yml
Stan Hu c559c43daf Limit the TTL for anonymous sessions to 1 hour
By default, all sessions are given the same expiration time configured in the
session store (e.g. 1 week). However, unauthenticated users can generate a lot
of sessions, primarily for CSRF verification. It makes sense to reduce the TTL
for unauthenticated to something much lower than the default (e.g. 1 hour) to
limit Redis memory. In addition, Rails creates a new session after login,
so the short TTL doesn't even need to be extended.

Closes #48101
2018-07-18 12:39:51 -07:00


---
title: Limit the TTL for anonymous sessions to 1 hour
merge_request: 20700
author:
type: performance
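
The effect the commit message describes, as an added Ruby sketch that is not GitLab's code: a Rack-style middleware lowers `:expire_after` in `env['rack.session.options']` for sessions with no logged-in user, and a toy in-memory store stands in for Redis to count live keys. The class names, the `'user_id'` session key, and the load figures are assumptions made for the example.

```ruby
# Added illustration, not GitLab's code. Class and helper names are hypothetical.
DEFAULT_TTL = 7 * 24 * 3600 # store-wide default ("e.g. 1 week")
ANON_TTL = 3600             # 1 hour for sessions with no logged-in user

# Rack-style middleware: after the app runs, shorten the TTL that the
# session store will apply if the session is still unauthenticated.
class AnonymousSessionTtl
  def initialize(app, anon_ttl: ANON_TTL)
    @app = app
    @anon_ttl = anon_ttl
  end

  def call(env)
    response = @app.call(env)
    session = env['rack.session'] || {}
    options = (env['rack.session.options'] ||= {})
    # Assumption: a logged-in session carries a 'user_id' key.
    options[:expire_after] = @anon_ttl unless session['user_id']
    response
  end
end

# Toy stand-in for the Redis session store: key => expiry time (seconds).
class TtlStore
  def initialize
    @expiry = {}
  end

  def write(key, ttl, now)
    @expiry[key] = now + ttl
  end

  def live(now)
    @expiry.count { |_key, expires_at| expires_at > now }
  end
end

# Constructed load: `per_hour` anonymous first visits at the top of each hour.
# Returns how many session keys are still alive 30 minutes after the last batch.
def live_anonymous_sessions(hours, per_hour, limit_ttl)
  app = ->(_env) { [200, {}, []] }
  stack = limit_ttl ? AnonymousSessionTtl.new(app) : app
  store = TtlStore.new
  hours.times do |h|
    per_hour.times do |i|
      env = { 'rack.session' => {}, 'rack.session.options' => { expire_after: DEFAULT_TTL } }
      stack.call(env)
      store.write("session:#{h}:#{i}", env['rack.session.options'][:expire_after], h * 3600)
    end
  end
  store.live((hours - 1) * 3600 + 1800)
end
```

With 100 anonymous visits per hour over 24 hours, the default TTL leaves every key alive while the 1-hour TTL leaves only the most recent batch; an authenticated session passes through the middleware with its TTL unchanged.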