Changes between Initial Version and Version 1 of Ticket #18194, comment 12


Ignore:
Timestamp:
10/27/2012 04:24:53 PM (3 years ago)
Author:
aaugustin
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #18194, comment 12

    initial v1  
    99The default session expiration policy is:
    1010- client-side: expire after `settings.SESSION_COOKIE_AGE` seconds if `settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False` (default), at browser close otherwise
    11 - server-side: expire after `settings.SESSION_COOKIE_AGE` (no matter the value of `settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False`)
     11- server-side: expire after `settings.SESSION_COOKIE_AGE` (no matter the value of `settings.SESSION_EXPIRE_AT_BROWSER_CLOSE`)
    1212
    1313When a non-default expiration is set with `session.set_expiry(...)`, it is saved in the session under the `_session_expiry` key. The semantic of this value is:
     
    2727- '''cache''': the expiry age is computed and passed to the cache engine. The cache engine is responsible for not returning stale data. Since correct expiry is a major feature for a cache, I think we can rely on cache engine to enforce expiry properly. There's no need to clear expired sessions, the cache does it by itself.
    2828
    29 - '''cached_db''': there's a bug here — expiry age is hardcoded to `settings.SESSION_COOKIE_AGE` instead of `session.get_expiry_age()`. Otherwise it should work like '''cache''' and '''db'''.
     29- '''cached_db''': there's a bug here — expiry age is hardcoded to `settings.SESSION_COOKIE_AGE` instead of `session.get_expiry_age()`. Otherwise it should work like '''cache''' and '''db'''. ''EDIT: fixed in 04b00b668d0d56c37460cbed19671f4b1b5916c3.''
    3030
    3131- '''db''': the session expiry date is computed and stored alongside the session data when the session is saved. Only sessions whose expiry dates are in the future can be re-loaded. Sessions whose expiry dates are in the past can be cleared.
     
    3333- '''file''': the session expiry date isn't stored. It can be rebuilt with the algorithm of `session.get_expiry_age()`, by substituting the file's last modification time to `timezone.now()`. The patches above attempt to do that in order to clear expired sessions.
    3434
    35 - '''signed_cookies''': server-side expiration is provided by timestamping and signing the cookies. However non-default expiry dates aren't handled; the maximum expiration time is hardcoded at `settings.SESSION_COOKIE_AGE`. There's no need to clear expired sessions because they're stored client-side.
     35- '''signed_cookies''': server-side expiration is provided by timestamping and signing the cookies. However non-default expiry dates aren't handled; the maximum expiration time is hardcoded at `settings.SESSION_COOKIE_AGE`. There's no need to clear expired sessions because they're stored client-side. ''Edit: could be fixed in the context of #19201''
    3636
    3737----
Back to Top