#19200 closed Bug (fixed)
cached_db backend doesn't honor expiry time
Reported by: | Aymeric Augustin | Owned by: | nobody |
---|---|---|---|
Component: | contrib.sessions | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The expiration time is hardcoded to settings.SESSION_COOKIE_AGE
instead of self.get_expiry_age()
.
This bug report is based upon a code review. I will try to write a test case.
Change History (5)
comment:1 by , 12 years ago
Summary: | cached_db and signed_cookies backends don't honor expiry time → cached_db backend doesn't honor expiry time |
---|
comment:2 by , 12 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
This will be easy to fix for cached_db, and very hard for signed_cookies.
Signed cookies store the date of the signature, and the verification function takes a maximum age. Unfortunately, the maximum age is known when the cookie is signed, not when it's verified. Fixing this problem for signed cookies requires a redesign of the way session expiration is handled, which is covered by #19201.
I'm updating the title to restrict this ticket to cached_db.