Changeset 3049

Timestamp:

06/01/06 17:25:06 (2 years ago)

Author:

adrian

Message:

Fixed #395 -- Added SESSION_EXPIRE_AT_BROWSER_CLOSE setting, which regulates whether session framework should use browser-session-length cookies.

Files:

• django/trunk/django/conf/global_settings.py (modified) (1 diff)
• django/trunk/django/contrib/sessions/middleware.py (modified) (1 diff)
• django/trunk/docs/sessions.txt (modified) (2 diffs)
• django/trunk/docs/settings.txt (modified) (1 diff)

django/trunk/django/conf/global_settings.py

@@ -236 +236 @@
-SESSION_COOKIE_DOMAIN = None              # A string like ".lawrence.com", or None for standard domain cookie.
-SESSION_SAVE_EVERY_REQUEST = False        # Whether to save the session data on every request.
+SESSION_EXPIRE_AT_BROWSER_CLOSE = False   # Whether sessions expire when a user closes his browser.
-
-#########

django/trunk/django/contrib/sessions/middleware.py

@@ -80 +80 @@
-            if modified or settings.SESSION_SAVE_EVERY_REQUEST:
-                session_key = request.session.session_key or Session.objects.get_new_session_key()
+                if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
+                    max_age = None
+                    expires = None
+                else:
+                    max_age = settings.SESSION_COOKIE_AGE
+                    expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
-                new_session = Session.objects.save(session_key, request.session._session,
-                    datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
-                expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
-                response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
-settings.SESSION_COOKIE_AGE
+max_age
-        return response

django/trunk/docs/sessions.txt

@@ -198 +198 @@
-session cookie is sent.
-
+Browser-length sessions vs. persistent sessions
+===============================================
+
+You can control whether the session framework uses browser-length sessions vs.
+persistent sessions with the ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` setting.
+
+By default, ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` is set to ``False``, which
+means session cookies will be stored in users' browsers for as long as
+``SESSION_COOKIE_AGE``. Use this if you don't want people to have to log in
+every time they open a browser.
+
+If ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` is set to ``True``, Django will use
+browser-length cookies -- cookies that expire as soon as the user closes his or
+her browser. Use this if you want people to have to log in every time they open
+a browser.
+
-Settings
-========
@@ -225 +241 @@
-
-The name of the cookie to use for sessions. This can be whatever you want.
+
+SESSION_EXPIRE_AT_BROWSER_CLOSE
+-------------------------------
+
+Default: ``False``
+
+Whether to expire the session when the user closes his or her browser. See
+"Browser-length sessions vs. persistent sessions" above.
-
-SESSION_SAVE_EVERY_REQUEST

django/trunk/docs/settings.txt

@@ -604 +604 @@
-See the `session docs`_.
-
+SESSION_EXPIRE_AT_BROWSER_CLOSE
+-------------------------------
+
+Default: ``False``
+
+Whether to expire the session when the user closes his or her browser.
+See the `session docs`_.
+
-SESSION_SAVE_EVERY_REQUEST
---------------------------