Index: contrib/sessions/middleware.py =================================================================== --- contrib/sessions/middleware.py (revision 426) +++ contrib/sessions/middleware.py (working copy) @@ -1,5 +1,5 @@ from django.conf import settings -from django.contrib.sessions.models import Session +from django.contrib.sessions.models import Session, TILL_BROWSER_CLOSE from django.core.exceptions import SuspiciousOperation from django.utils.cache import patch_vary_headers import datetime @@ -48,6 +48,19 @@ def delete_test_cookie(self): del self[TEST_COOKIE_NAME] + def set_life(self, val): + """ + sets the life of the session, irrespective of global settings. + val is in seconds. + + django.contrib.sessions.models.TILL_BROWSER_CLOSE can also be passed + to ask django to quell session on browser close, overwriting global settings. + """ + if val == TILL_BROWSER_CLOSE: + self["_expires_on"] = TILL_BROWSER_CLOSE + else: + self["_expires_on"] = datetime.datetime.now() + datetime.timedelta(seconds=val) + def _get_session(self): # Lazily loads session from storage. self.accessed = True @@ -92,15 +105,31 @@ obj = Session.objects.get_new_session_object() session_key = obj.session_key - if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE: - max_age = None - expires = None - else: - max_age = settings.SESSION_COOKIE_AGE - expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT") - new_session = Session.objects.save(session_key, request.session._session, - datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)) - response.set_cookie(settings.SESSION_COOKIE_NAME, session_key, + now = datetime.datetime.now() + delta_yield = now + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE) + if ( + ( + # if session is set to expire on browser close globally + settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and + # but someone did not set _expires_on, or set it to TILL_BROWSER_CLOSE + request.session.get("_expires_on", TILL_BROWSER_CLOSE) == TILL_BROWSER_CLOSE + ) or + ( + # if someone asked as to expire on browser close irrespective of global setting + request.session.get("_expires_on") == TILL_BROWSER_CLOSE + ) + ): + max_age = None # session expiry is simulated by cookie deletion. + expires = None # which is done by setting these two to None + else: # session need to be preserved, cookie has to be set + delta_yield = request.session.get("_expires_on", delta_yield) + max_age_timedelta = delta_yield - now + max_age = max_age_timedelta.days * 24 * 60 * 60 + max_age_timedelta.seconds + expires = datetime.datetime.strftime(delta_yield, "%a, %d-%b-%Y %H:%M:%S GMT") + Session.objects.save(session_key, request.session._session, delta_yield) + response.set_cookie( + settings.SESSION_COOKIE_NAME, session_key, max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, - secure=settings.SESSION_COOKIE_SECURE or None) + secure=settings.SESSION_COOKIE_SECURE or None + ) return response Index: contrib/sessions/models.py =================================================================== --- contrib/sessions/models.py (revision 426) +++ contrib/sessions/models.py (working copy) @@ -4,6 +4,8 @@ from django.utils.translation import gettext_lazy as _ from django.conf import settings +TILL_BROWSER_CLOSE = -1 + class SessionManager(models.Manager): def encode(self, session_dict): "Returns the given session dictionary pickled and encoded as a string."