Ticket #2548: session_middleware.11.diff

AUTHORS

@@ -229 +229 @@
     Karen Tracey <graybark@bellsouth.net>
     Makoto Tsuyuki <mtsuyuki@gmail.com>
     tt@gurgle.no
-    Amit Upadhyay
+    Amit Upadhyay <http://www.amitu.com/blog/>
     Geert Vanderkelen
     viestards.lists@gmail.com
     Milton Waddams

django/contrib/sessions/middleware.py

@@ -48 +48 @@
     def delete_test_cookie(self):
         del self[TEST_COOKIE_NAME]
 
+    def get_session_age(self):
+        return self.get('_session_age', settings.SESSION_COOKIE_AGE)
+    def set_session_age(self, seconds):
+        " Sets the life of the session, irrespective of global settings. "
+        if not seconds:
+            del self['_session_age']
+        else:
+            self['_session_age'] = seconds
+
+    def get_expire_at_browser_close(self):
+        return settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and ('_session_age' not in self)
+
     def _get_session(self):
         # Lazily loads session from storage.
         self.accessed = True
@@ -92 +104 @@
                     obj = Session.objects.get_new_session_object()
                     session_key = obj.session_key
 
-                if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
-                    max_age = None
-                    expires = None
-                else:
-                    max_age = settings.SESSION_COOKIE_AGE
-                    expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
-                new_session = Session.objects.save(session_key, request.session._session,
-                    datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
-                response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
-                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
+                session_age = request.session.get_session_age()
+                delta_age = datetime.timedelta(seconds=session_age)
+                if request.session.get_expire_at_browser_close():
+                    session_age = None 
+                    expires = None 
+                else: 
+                    expires = datetime.datetime.strftime(datetime.datetime.utcnow() + delta_age, "%a, %d-%b-%Y %H:%M:%S GMT")
+                Session.objects.save(session_key, request.session._session, datetime.datetime.now() + delta_age)
+                response.set_cookie(
+                    settings.SESSION_COOKIE_NAME, session_key,
+                    max_age=session_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
                     secure=settings.SESSION_COOKIE_SECURE or None)
         return response

docs/sessions.txt

@@ -39 +39 @@
 It implements the following standard dictionary methods:
 
     * ``__getitem__(key)``
+
       Example: ``fav_color = request.session['fav_color']``
 
     * ``__setitem__(key, value)``
+
       Example: ``request.session['fav_color'] = 'blue'``
 
     * ``__delitem__(key)``
+
       Example: ``del request.session['fav_color']``. This raises ``KeyError``
       if the given ``key`` isn't already in the session.
 
     * ``__contains__(key)``
+
       Example: ``'fav_color' in request.session``
 
     * ``get(key, default=None)``
+
       Example: ``fav_color = request.session.get('fav_color', 'red')``
 
     * ``keys()``
 
     * ``items()``
 
-It also has these three methods:
+It also has these methods:
 
     * ``set_test_cookie()``
+
       Sets a test cookie to determine whether the user's browser supports
       cookies. Due to the way cookies work, you won't be able to test this
       until the user's next page request. See "Setting test cookies" below for
       more information.
 
     * ``test_cookie_worked()``
+
       Returns either ``True`` or ``False``, depending on whether the user's
       browser accepted the test cookie. Due to the way cookies work, you'll
       have to call ``set_test_cookie()`` on a previous, separate page request.
       See "Setting test cookies" below for more information.
 
     * ``delete_test_cookie()``
+
       Deletes the test cookie. Use this to clean up after yourself.
 
+    * ``set_session_age(seconds)``
+
+      It takes an integer, number of seconds for which the session should be 
+      valid. This will override the default/global session expiry policy.
+      See `browser-length sessions vs. persistent sessions`_ for default
+      session expiry policy. To fall back to the global session expiry policy
+      again, call ``set_session_age(0)``.
+
+    * ``get_session_age()``
+
+      Returns the age of the session (which will equal
+      ``settings.SESSION_COOKIE_AGE`` unless it has been overridden by
+      ``set_session_age``).
+
+    * ``get_expire_at_browser_close()``
+
+      Returns either ``True`` or ``False``, depending on whether this session
+      expires at browser close (which will equal
+      ``settings.SESSION_EXPIRE_AT_BROWSER_CLOSE`` unless the session age
+      hase been overridden by ``set_session_age``).
+
 You can edit ``request.session`` at any point in your view. You can edit it
 multiple times.
 
@@ -217 +246 @@
 her browser. Use this if you want people to have to log in every time they open
 a browser.
 
+These settings are global defaults, and can be overwritten by explicitly calling
+``request.session.set_expiry_age()`` as described above in `Using sessions in views`_.
+
 Clearing the session table
 ==========================