id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
10518	Idle timeouts do not clear session information	Huuuze <nospamus+django@…>	nobody	"I have set the SESSION_COOKIE_AGE value in my settings.py file to expire sessions after 1 hour.  Django successfully logs the user out of the session, however, the backend does not behave as one would expect in this situation.  If a user logged out under normal conditions (i.e., clicks a ""Logout"" link), the session information [http://docs.djangoproject.com/en/dev/topics/auth/?from=olddocs#django.contrib.auth.logout is cleared from the ""django.sessions"" table].  As such, I would expect an idle timeout (which is just a timed logout) to behave in the same manner.  Unfortunately, Django simply creates a new session entry in the ""django.sessions"" table and the old, expired session remains in the table.  The end result is a bloated ""django.sessions"" table that needs to be maintained through an external script."		closed	contrib.auth	1.0		invalid	session timeout		Unreviewed	0	0	0	0	0	0