Index: AUTHORS =================================================================== --- AUTHORS (revision 5468) +++ AUTHORS (working copy) @@ -229,7 +229,7 @@ Karen Tracey Makoto Tsuyuki tt@gurgle.no - Amit Upadhyay + Amit Upadhyay Geert Vanderkelen viestards.lists@gmail.com Milton Waddams Index: django/contrib/sessions/middleware.py =================================================================== --- django/contrib/sessions/middleware.py (revision 5468) +++ django/contrib/sessions/middleware.py (working copy) @@ -1,5 +1,5 @@ from django.conf import settings -from django.contrib.sessions.models import Session +from django.contrib.sessions.models import Session, TILL_BROWSER_CLOSE from django.core.exceptions import SuspiciousOperation from django.utils.cache import patch_vary_headers import datetime @@ -48,6 +48,19 @@ def delete_test_cookie(self): del self[TEST_COOKIE_NAME] + def set_life(self, val): + """ + sets the life of the session, irrespective of global settings. + val is in seconds. + + django.contrib.sessions.models.TILL_BROWSER_CLOSE can also be passed + to ask django to quell session on browser close, overwriting global settings. + """ + if val == TILL_BROWSER_CLOSE: + self["_expires_on"] = TILL_BROWSER_CLOSE + else: + self["_expires_on"] = datetime.datetime.now() + datetime.timedelta(seconds=val) + def _get_session(self): # Lazily loads session from storage. self.accessed = True @@ -92,15 +105,31 @@ obj = Session.objects.get_new_session_object() session_key = obj.session_key - if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE: - max_age = None - expires = None - else: - max_age = settings.SESSION_COOKIE_AGE - expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT") - new_session = Session.objects.save(session_key, request.session._session, - datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)) - response.set_cookie(settings.SESSION_COOKIE_NAME, session_key, + now = datetime.datetime.now() + delta_yield = now + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE) + if ( + ( + # if session is set to expire on browser close globally + settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and + # but someone did not set _expires_on, or set it to TILL_BROWSER_CLOSE + request.session.get("_expires_on", TILL_BROWSER_CLOSE) == TILL_BROWSER_CLOSE + ) or + ( + # if someone asked as to expire on browser close irrespective of global setting + request.session.get("_expires_on") == TILL_BROWSER_CLOSE + ) + ): + max_age = None # session expiry is simulated by cookie deletion. + expires = None # which is done by setting these two to None + else: # session need to be preserved, cookie has to be set + delta_yield = request.session.get("_expires_on", delta_yield) + max_age_timedelta = delta_yield - now + max_age = max_age_timedelta.days * 24 * 60 * 60 + max_age_timedelta.seconds + expires = datetime.datetime.strftime(delta_yield, "%a, %d-%b-%Y %H:%M:%S GMT") + Session.objects.save(session_key, request.session._session, delta_yield) + response.set_cookie( + settings.SESSION_COOKIE_NAME, session_key, max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, - secure=settings.SESSION_COOKIE_SECURE or None) + secure=settings.SESSION_COOKIE_SECURE or None + ) return response Index: django/contrib/sessions/models.py =================================================================== --- django/contrib/sessions/models.py (revision 5468) +++ django/contrib/sessions/models.py (working copy) @@ -4,6 +4,8 @@ from django.utils.translation import gettext_lazy as _ from django.conf import settings +TILL_BROWSER_CLOSE = -1 + class SessionManager(models.Manager): def encode(self, session_dict): "Returns the given session dictionary pickled and encoded as a string." Index: docs/sessions.txt =================================================================== --- docs/sessions.txt (revision 5468) +++ docs/sessions.txt (working copy) @@ -58,7 +58,7 @@ * ``items()`` -It also has these three methods: +It also has these four methods: * ``set_test_cookie()`` Sets a test cookie to determine whether the user's browser supports @@ -75,6 +75,14 @@ * ``delete_test_cookie()`` Deletes the test cookie. Use this to clean up after yourself. + * ``set_life(val)`` + It takes an integer, number of seconds for which the session should be + valid. It can also take django.contrib.session.models.TILL_BROWSER_CLOSE, + that will quell the session at the close of browser. Calling set_life + will overwrite the global/default session expiry policy. See + `browser-length sessions vs. persistent sessions` for default session expiry + policy. + You can edit ``request.session`` at any point in your view. You can edit it multiple times. @@ -217,6 +225,9 @@ her browser. Use this if you want people to have to log in every time they open a browser. +These settings are global defaults, and can be overwritten by explicitly calling +``request.session.set_life()`` as described above. + Clearing the session table ==========================