Ticket #2548: session_middleware.7.diff

AUTHORS

@@ -229 +229 @@
     Karen Tracey <graybark@bellsouth.net>
     Makoto Tsuyuki <mtsuyuki@gmail.com>
     tt@gurgle.no
-    Amit Upadhyay
+    Amit Upadhyay <http://www.amitu.com/blog/>
     Geert Vanderkelen
     viestards.lists@gmail.com
     Milton Waddams

django/contrib/sessions/middleware.py

@@ -1 +1 @@
 from django.conf import settings
-from django.contrib.sessions.models import Session
+from django.contrib.sessions.models import Session, TILL_BROWSER_CLOSE
 from django.core.exceptions import SuspiciousOperation
 from django.utils.cache import patch_vary_headers
 import datetime
@@ -48 +48 @@
     def delete_test_cookie(self):
         del self[TEST_COOKIE_NAME]
 
+    def set_life(self, val):
+        """ 
+            sets the life of the session, irrespective of global settings. 
+            val is in seconds. 
+
+            django.contrib.sessions.models.TILL_BROWSER_CLOSE can also be passed
+            to ask django to quell session on browser close, overwriting global settings.
+        """
+        if val == TILL_BROWSER_CLOSE:
+            self["_expires_on"] = TILL_BROWSER_CLOSE
+        else:
+            self["_expires_on"] = datetime.datetime.now() + datetime.timedelta(seconds=val)
+
     def _get_session(self):
         # Lazily loads session from storage.
         self.accessed = True
@@ -92 +105 @@
                     obj = Session.objects.get_new_session_object()
                     session_key = obj.session_key
 
-                if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
-                    max_age = None
-                    expires = None
-                else:
-                    max_age = settings.SESSION_COOKIE_AGE
-                    expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
-                new_session = Session.objects.save(session_key, request.session._session,
-                    datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
-                response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
+                now = datetime.datetime.now()
+                delta_yield = now + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)
+                if ( 
+                    (
+                        # if session is set to expire on browser close globally
+                        settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and 
+                        # but someone did not set _expires_on, or set it to TILL_BROWSER_CLOSE
+                        request.session.get("_expires_on", TILL_BROWSER_CLOSE) == TILL_BROWSER_CLOSE
+                    ) or
+                    (
+                        # if someone asked as to expire on browser close irrespective of global setting
+                        request.session.get("_expires_on") == TILL_BROWSER_CLOSE 
+                    )
+                ):
+                    max_age = None # session expiry is simulated by cookie deletion. 
+                    expires = None # which is done by setting these two to None
+                else: # session need to be preserved, cookie has to be set
+                    delta_yield = request.session.get("_expires_on", delta_yield)
+                    max_age_timedelta = delta_yield - now
+                    max_age = max_age_timedelta.days * 24 * 60 * 60 + max_age_timedelta.seconds
+                    expires = datetime.datetime.strftime(delta_yield, "%a, %d-%b-%Y %H:%M:%S GMT")
+                Session.objects.save(session_key, request.session._session, delta_yield)
+                response.set_cookie(
+                    settings.SESSION_COOKIE_NAME, session_key,
                     max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
-                    secure=settings.SESSION_COOKIE_SECURE or None)
+                    secure=settings.SESSION_COOKIE_SECURE or None
+                )
         return response

django/contrib/sessions/models.py

@@ -4 +4 @@
 from django.utils.translation import gettext_lazy as _
 from django.conf import settings
 
+TILL_BROWSER_CLOSE = -1
+
 class SessionManager(models.Manager):
     def encode(self, session_dict):
         "Returns the given session dictionary pickled and encoded as a string."

docs/sessions.txt

@@ -58 +58 @@
 
     * ``items()``
 
-It also has these three methods:
+It also has these four methods:
 
     * ``set_test_cookie()``
       Sets a test cookie to determine whether the user's browser supports
@@ -75 +75 @@
     * ``delete_test_cookie()``
       Deletes the test cookie. Use this to clean up after yourself.
 
+    * ``set_life(val)``
+      It takes an integer, number of seconds for which the session should be 
+      valid. It can also take django.contrib.session.models.TILL_BROWSER_CLOSE, 
+      that will quell the session at the close of browser. Calling set_life 
+      will overwrite the global/default session expiry policy. See 
+      `browser-length sessions vs. persistent sessions` for default session expiry
+      policy.
+
 You can edit ``request.session`` at any point in your view. You can edit it
 multiple times.
 
@@ -217 +225 @@
 her browser. Use this if you want people to have to log in every time they open
 a browser.
 
+These settings are global defaults, and can be overwritten by explicitly calling
+``request.session.set_life()`` as described above.
+
 Clearing the session table
 ==========================