Code

Opened 21 months ago

Closed 21 months ago

Last modified 21 months ago

#19200 closed Bug (fixed)

cached_db backend doesn't honor expiry time

Reported by: aaugustin Owned by: nobody
Component: contrib.sessions Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The expiration time is hardcoded to settings.SESSION_COOKIE_AGE instead of self.get_expiry_age().

This bug report is based upon a code review. I will try to write a test case.

Attachments (0)

Change History (5)

comment:1 Changed 21 months ago by aaugustin

  • Summary changed from cached_db and signed_cookies backends don't honor expiry time to cached_db backend doesn't honor expiry time

This will be easy to fix for cached_db, and very hard for signed_cookies.

Signed cookies store the date of the signature, and the verification function takes a maximum age. Unfortunately, the maximum age is known when the cookie is signed, not when it's verified. Fixing this problem for signed cookies requires a redesign of the way session expiration is handled, which is covered by #19201.

I'm updating the title to restrict this ticket to cached_db.

comment:2 Changed 21 months ago by Aymeric Augustin <aymeric.augustin@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 0fe02feab43aa0f0d0608de85cff7183055e6dd7:

[1.5.x] Fixed #19200 -- Session expiry with cached_db

Also did a little bit of cleanup.

Backport of 04b00b6 from master.

comment:3 Changed 21 months ago by Aymeric Augustin <aymeric.augustin@…>

In 04b00b668d0d56c37460cbed19671f4b1b5916c3:

Fixed #19200 -- Session expiry with cached_db

Also did a little bit of cleanup.

comment:4 Changed 21 months ago by Aymeric Augustin <aymeric.augustin@…>

In 882c47cd405cfd29194f2e968678a5aa1d6ec75f:

Improved tests introduced in 04b00b6.

These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.

comment:5 Changed 21 months ago by Aymeric Augustin <aymeric.augustin@…>

In e6b0ee768c46368a41a5b278180d1d1ecbd3d5c6:

[1.5.x] Improved tests introduced in 04b00b6.

These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.

Backport of 882c47c from master.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.