From 0dabd4ffc0a5f9a4f10d31ec1e8358be825641f9 Mon Sep 17 00:00:00 2001
From: Leo Hemsted
Date: Tue, 3 Apr 2018 14:43:38 +0100
Subject: [PATCH] remove any old file upload data on sign in

if a user signs in again, clear their file upload data from any aborted journeys from before, so that their cookies don't fill up

also add some temporary logging when the session starts getting full.
---
 app/main/views/send.py | 9 +++++++++
 app/main/views/two_factor.py | 2 ++
 2 files changed, 11 insertions(+)

diff --git a/app/main/views/send.py b/app/main/views/send.py
index a9c215e0f..21fb7bf32 100644
--- a/app/main/views/send.py
+++ b/app/main/views/send.py
@@ -1,4 +1,5 @@
 import itertools
+import json
 from string import ascii_uppercase
 from zipfile import BadZipFile
@@ -92,6 +93,14 @@ def get_example_letter_address(key):
 @login_required
 @user_has_permissions('send_messages', restrict_admin_usage=True)
 def send_messages(service_id, template_id):
+ # if there's lots of data in the session, lets log it for debugging purposes
+ # TODO: Remove this once we're confident we have session size under control
+ if len(session.get('file_uploads', {}).keys()) > 2:
+ current_app.logger.info('session contains large file_uploads - json_len {}, keys: {}'.format(
+ len(json.dumps(session['file_uploads'])),
+ session['file_uploads'].keys())
+ )
+
 session['sender_id'] = None
 db_template = service_api_client.get_service_template(service_id, template_id)['data']
diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index 0d311ac6b..4daf6f1e6 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -100,7 +100,9 @@ def log_in_user(user_id):
 activated_user = user_api_client.activate_user(user)
 login_user(activated_user)
 finally:
+ # get rid of anything in the session that we don't expect to have been set during register/sign in flow
 session.pop("user_details", None)
+ session.pop("file_uploads", None)
 return redirect_when_logged_in(user_id)
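Review bot: In `send_messages` in app/main/views/send.py, the new guard counts entries (`len(session.get('file_uploads', {}).keys()) > 2`) while the stated concern is the size of the session cookie, so one large upload entry is never logged and three tiny ones always are; keying the check on `len(json.dumps(...))` would match the intent. The message also writes the `file_uploads` keys into the application log; if those are upload identifiers (not visible here, so confirm), logging the count is enough for debugging and keeps references to user-supplied files out of the logs. `json.dumps` raises `TypeError` on values plain JSON cannot encode, which would turn a debug log into a failed request, so consider `uploads = session.get('file_uploads', {})` followed by `current_app.logger.info('session contains large file_uploads - json_len %s, count %s', len(json.dumps(uploads, default=str)), len(uploads))`. The rest of `send_messages` lies outside the hunk.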
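Review bot: In `log_in_user` in app/main/views/two_factor.py, the `finally` block clears session state with a per-key denylist, so any session key other than `user_details` and `file_uploads` still carries over from whoever used the browser before this sign-in; send.py in this same patch stores `sender_id` in the session, for instance. An allowlist is easier to keep correct as keys are added: decide which keys may legitimately survive sign-in and drop the rest before `login_user` is called. At minimum, extend the comment to say the list must grow with every new session key, e.g. `# NOTE: add every new pre-login session key here`. Whether sign-out already clears the session is not visible in this hunk, and the start of `log_in_user` is outside it.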