Index: AUTHORS =================================================================== --- AUTHORS (revision 5468) +++ AUTHORS (working copy) @@ -229,7 +229,7 @@ Karen Tracey Makoto Tsuyuki tt@gurgle.no - Amit Upadhyay + Amit Upadhyay Geert Vanderkelen viestards.lists@gmail.com Milton Waddams Index: django/contrib/sessions/middleware.py =================================================================== --- django/contrib/sessions/middleware.py (revision 5468) +++ django/contrib/sessions/middleware.py (working copy) @@ -48,6 +48,25 @@ def delete_test_cookie(self): del self[TEST_COOKIE_NAME] + def get_session_age(self): + expires_on = self.get('_session_expires_on') + if not expires_on: return settings.SESSION_COOKIE_AGE + delta = expires_on - datetime.datetime.now() + return delta.days * 24 * 60 * 60 + delta.seconds + + def set_session_age(self, seconds): + " Sets the life of the session, irrespective of global settings. " + if not seconds: + try: + del self['_session_expires_on'] + except KeyError: + pass + else: + self['_session_expires_on'] = datetime.datetime.now() + datetime.timedelta(seconds=seconds) + + def get_expire_at_browser_close(self): + return settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and ('_session_expires_on' not in self) + def _get_session(self): # Lazily loads session from storage. self.accessed = True @@ -92,15 +111,16 @@ obj = Session.objects.get_new_session_object() session_key = obj.session_key - if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE: - max_age = None - expires = None - else: - max_age = settings.SESSION_COOKIE_AGE - expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT") - new_session = Session.objects.save(session_key, request.session._session, - datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)) - response.set_cookie(settings.SESSION_COOKIE_NAME, session_key, - max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, + session_age = request.session.get_session_age() + delta_age = datetime.timedelta(seconds=session_age) + if request.session.get_expire_at_browser_close(): + session_age = None + expires = None + else: + expires = datetime.datetime.strftime(datetime.datetime.utcnow() + delta_age, "%a, %d-%b-%Y %H:%M:%S GMT") + Session.objects.save(session_key, request.session._session, datetime.datetime.now() + delta_age) + response.set_cookie( + settings.SESSION_COOKIE_NAME, session_key, + max_age=session_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, secure=settings.SESSION_COOKIE_SECURE or None) return response Index: django/contrib/sessions/tests.py =================================================================== --- django/contrib/sessions/tests.py (revision 5468) +++ django/contrib/sessions/tests.py (working copy) @@ -10,6 +10,61 @@ >>> s.pop('some key', 'does not exist') 'does not exist' + +######################## +# session_age settings # +######################## + +>>> from django.conf import settings +>>> s.get_session_age() == settings.SESSION_COOKIE_AGE +True + +# Custom session age +>>> s.set_session_age(10) +>>> s.get_session_age() in (9, 10) +True + +# Set back to default session age +>>> s.set_session_age(0) +>>> s.get_session_age() == settings.SESSION_COOKIE_AGE +True + +# Allow to set back to default session age even if no alternate has been set +>>> s.set_session_age(0) + +############################### +# get_expire_at_browser_close # +############################### + +# A bit hackish: we're changing the setting then reverting back to +# the original setting just in case at the end of these tests. +>>> original_setting = settings.SESSION_EXPIRE_AT_BROWSER_CLOSE + +>>> settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False + +# Custom session age +>>> s.set_session_age(10) +>>> s.get_expire_at_browser_close() +False + +# Default session age +>>> s.set_session_age(0) +>>> s.get_expire_at_browser_close() +False + +>>> settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = True + +# Custom session age +>>> s.set_session_age(10) +>>> s.get_expire_at_browser_close() +False + +# Default session age +>>> s.set_session_age(0) +>>> s.get_expire_at_browser_close() +True + +>>> settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = original_setting """ from django.contrib.sessions.middleware import SessionWrapper Index: docs/sessions.txt =================================================================== --- docs/sessions.txt (revision 5468) +++ docs/sessions.txt (working copy) @@ -39,42 +39,71 @@ It implements the following standard dictionary methods: * ``__getitem__(key)`` + Example: ``fav_color = request.session['fav_color']`` * ``__setitem__(key, value)`` + Example: ``request.session['fav_color'] = 'blue'`` * ``__delitem__(key)`` + Example: ``del request.session['fav_color']``. This raises ``KeyError`` if the given ``key`` isn't already in the session. * ``__contains__(key)`` + Example: ``'fav_color' in request.session`` * ``get(key, default=None)`` + Example: ``fav_color = request.session.get('fav_color', 'red')`` * ``keys()`` * ``items()`` -It also has these three methods: +It also has these methods: * ``set_test_cookie()`` + Sets a test cookie to determine whether the user's browser supports cookies. Due to the way cookies work, you won't be able to test this until the user's next page request. See "Setting test cookies" below for more information. * ``test_cookie_worked()`` + Returns either ``True`` or ``False``, depending on whether the user's browser accepted the test cookie. Due to the way cookies work, you'll have to call ``set_test_cookie()`` on a previous, separate page request. See "Setting test cookies" below for more information. * ``delete_test_cookie()`` + Deletes the test cookie. Use this to clean up after yourself. + * ``set_session_age(seconds)`` + + It takes an integer, number of seconds for which the session should be + valid. This will override the default/global session expiry policy. + See `browser-length sessions vs. persistent sessions`_ for default + session expiry policy. To fall back to the global session expiry policy + again, call ``set_session_age(0)``. + + * ``get_session_age()`` + + Returns the age of the session (which will equal + ``settings.SESSION_COOKIE_AGE`` unless it has been overridden by + ``set_session_age``). + + * ``get_expire_at_browser_close()`` + + Returns either ``True`` or ``False``, depending on whether this session + expires at browser close (which will equal + ``settings.SESSION_EXPIRE_AT_BROWSER_CLOSE`` unless the session age + hase been overridden by ``set_session_age``). + You can edit ``request.session`` at any point in your view. You can edit it multiple times. @@ -217,6 +246,9 @@ her browser. Use this if you want people to have to log in every time they open a browser. +These settings are global defaults, and can be overwritten by explicitly calling +``request.session.set_session_age()`` as described above in `Using sessions in views`_. + Clearing the session table ==========================