#19200 closed Bug (fixed)
cached_db backend doesn't honor expiry time
| Reported by: | Aymeric Augustin | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.sessions | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The expiration time is hardcoded to settings.SESSION_COOKIE_AGE instead of self.get_expiry_age().
This bug report is based upon a code review. I will try to write a test case.
Change History (5)
comment:1 by , 13 years ago
| Summary: | cached_db and signed_cookies backends don't honor expiry time → cached_db backend doesn't honor expiry time |
|---|
comment:2 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
This will be easy to fix for cached_db, and very hard for signed_cookies.
Signed cookies store the date of the signature, and the verification function takes a maximum age. Unfortunately, the maximum age is known when the cookie is signed, not when it's verified. Fixing this problem for signed cookies requires a redesign of the way session expiration is handled, which is covered by #19201.
I'm updating the title to restrict this ticket to cached_db.