id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 10518 Idle timeouts do not clear session information Huuuze nobody "I have set the SESSION_COOKIE_AGE value in my settings.py file to expire sessions after 1 hour. Django successfully logs the user out of the session, however, the backend does not behave as one would expect in this situation. If a user logged out under normal conditions (i.e., clicks a ""Logout"" link), the session information [http://docs.djangoproject.com/en/dev/topics/auth/?from=olddocs#django.contrib.auth.logout is cleared from the ""django.sessions"" table]. As such, I would expect an idle timeout (which is just a timed logout) to behave in the same manner. Unfortunately, Django simply creates a new session entry in the ""django.sessions"" table and the old, expired session remains in the table. The end result is a bloated ""django.sessions"" table that needs to be maintained through an external script." closed contrib.auth 1.0 invalid session timeout Unreviewed 0 0 0 0 0 0