Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#19200 closed Bug (fixed)

cached_db backend doesn't honor expiry time

Reported by: aaugustin
Owned by: nobody
Component: contrib.sessions
Version: master
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

The expiration time is hardcoded to settings.SESSION_COOKIE_AGE instead of self.get_expiry_age().

This bug report is based upon a code review. I will try to write a test case.
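The effect described above, as an added example that is not part of the original ticket and is not Django's code: a simplified model of a cache-in-front-of-database session store, where the `TTLCache` and `Session` classes, the `honor_expiry` switch and the `session_alive_after` helper are hypothetical names. It shows a session given a short per-session expiry still being served from the cache when the cache timeout is hardcoded to `SESSION_COOKIE_AGE`.

```python
SESSION_COOKIE_AGE = 1209600  # two weeks in seconds, used here as the global default


class TTLCache:
    """Minimal in-memory cache with per-key timeouts and an injectable clock."""
    def __init__(self, clock):
        self.clock, self.items = clock, {}

    def set(self, key, value, timeout):
        self.items[key] = (value, self.clock() + timeout)

    def get(self, key):
        value, deadline = self.items.get(key, (None, 0))
        return value if self.clock() < deadline else None


class Session:
    """Toy session store: a dict standing in for the database, fronted by a cache."""
    def __init__(self, key, cache, db, clock, honor_expiry):
        self.key, self.cache, self.db, self.clock = key, cache, db, clock
        self.honor_expiry = honor_expiry  # False reproduces the hardcoded timeout
        self.expiry = None                # per-session override, in seconds

    def set_expiry(self, seconds):
        self.expiry = seconds

    def get_expiry_age(self):
        return self.expiry if self.expiry is not None else SESSION_COOKIE_AGE

    def save(self, data):
        age = self.get_expiry_age()
        self.db[self.key] = (data, self.clock() + age)  # database row honors expiry
        timeout = age if self.honor_expiry else SESSION_COOKIE_AGE
        self.cache.set(self.key, data, timeout)

    def load(self):
        data = self.cache.get(self.key)  # a cache hit never consults the database
        if data is not None:
            return data
        data, deadline = self.db.get(self.key, (None, 0))
        return data if self.clock() < deadline else None


def session_alive_after(seconds, honor_expiry, custom_expiry=300):
    """Save a session with a custom expiry, advance the clock, try to load it."""
    now = [0.0]
    clock = lambda: now[0]
    session = Session("constructed-key", TTLCache(clock), {}, clock, honor_expiry)
    session.set_expiry(custom_expiry)
    session.save({"user_id": 42})  # constructed sample data
    now[0] += seconds
    return session.load() is not None
```

With the hardcoded timeout, the session outlives its 300-second expiry on the server side until the cache entry itself ages out; with the timeout taken from `get_expiry_age()`, cache and database expire together.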

Change History (5)

comment:1 Changed 2 years ago by aaugustin

  • Summary changed from cached_db and signed_cookies backends don't honor expiry time to cached_db backend doesn't honor expiry time

This will be easy to fix for cached_db, and very hard for signed_cookies.

Signed cookies store the date of the signature, and the verification function takes a maximum age. Unfortunately, the maximum age is known when the cookie is signed, not when it's verified. Fixing this problem for signed cookies requires a redesign of the way session expiration is handled, which is covered by #19201.

I'm updating the title to restrict this ticket to cached_db.

comment:2 Changed 2 years ago by Aymeric Augustin <aymeric.augustin@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 0fe02feab43aa0f0d0608de85cff7183055e6dd7:

[1.5.x] Fixed #19200 -- Session expiry with cached_db

Also did a little bit of cleanup.

Backport of 04b00b6 from master.

comment:3 Changed 2 years ago by Aymeric Augustin <aymeric.augustin@…>

In 04b00b668d0d56c37460cbed19671f4b1b5916c3:

Fixed #19200 -- Session expiry with cached_db

Also did a little bit of cleanup.

comment:4 Changed 2 years ago by Aymeric Augustin <aymeric.augustin@…>

In 882c47cd405cfd29194f2e968678a5aa1d6ec75f:

Improved tests introduced in 04b00b6.

These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.

comment:5 Changed 2 years ago by Aymeric Augustin <aymeric.augustin@…>

In e6b0ee768c46368a41a5b278180d1d1ecbd3d5c6:

[1.5.x] Improved tests introduced in 04b00b6.

These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.

Backport of 882c47c from master.
