id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
18458	Method session.get_expiry_age() does not return what the doc says	martin.bouladour@…	nobody	"This is either a bug in the doc or in the code.

The doc for the !SessionBase.get_expiry_age() method [1] says:

''get_expiry_age()[[BR]]Returns the number of seconds until this session expires. For sessions with no custom expiration (or those set to expire at browser close), this will equal SESSION_COOKIE_AGE.''

This means that it should return the session's remaining time to live when expiration has been customized using one of these:[[BR]]
A) {{{set_expiry(seconds) # integer != 0}}}[[BR]]
B) {{{set_expiry(datetime)}}}[[BR]]
C) {{{set_expiry(timedelta)}}}

It works as documented in the cases B and C. But when set_expiry() has been used with seconds (A), then get_expiry_age() does the unexpected thing of returning the exact value that has been passed to set_expiry(). In other words, when you give 300 to set_expiry(), get_expiry_age() will always return 300. That is not “the number of seconds until this session expires”.

Looking at the code [2], it is obvious that a difference is calculated only when the expiry value is a datetime:

{{{
    def get_expiry_age(self):
        """"""Get the number of seconds until the session expires.""""""
        expiry = self.get('_session_expiry')
        if not expiry: # Checks both None and 0 cases
            return settings.SESSION_COOKIE_AGE
        if not isinstance(expiry, datetime):
            return expiry
        delta = expiry - timezone.now()
        return delta.days * 86400 + delta.seconds
}}}

I'm not sure about the purpose of this method and I don't know the design decisions that led to it, but I assume that if you don't want this function to use the session's last-modified datetime, then you may just need to edit the documentation to clarify this point (and maybe the docstring).

On the other hand, in my humble opinion, I think that this method’s behavior is quite surprising (even if it were working as documented) because the value it returns really depends on how the expiration has been defined. I believe it would be nice to make it return the number of seconds until the session expires for ''any'' active session, with no exceptional cases. And while we're at it, maybe also rename it to something that reflect better what it does, for instance ""get_remaining_time_to_live"" or ""get_time_left"". (Then again, maybe I didn't understand the purpose of this method.)

I hope this is helping.

Anyway, thank you all for this great framework!

Martin Bouladour

[1] https://docs.djangoproject.com/en/1.4/topics/http/sessions/#django.contrib.sessions.backends.base.SessionBase.get_expiry_age

[2] https://github.com/django/django/blob/1.4/django/contrib/sessions/backends/base.py#L170"	Bug	closed	contrib.sessions	1.4	Normal	fixed	session expiration expiry age get_expiry_age		Accepted	0	0	0	0	0	0