Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#19200 closed Bug (fixed)

cached_db backend doesn't honor expiry time

Reported by: Aymeric Augustin Owned by: nobody
Component: contrib.sessions Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The expiration time is hardcoded to settings.SESSION_COOKIE_AGE instead of self.get_expiry_age().

This bug report is based upon a code review. I will try to write a test case.

Change History (5)

comment:1 by Aymeric Augustin, 12 years ago

Summary: cached_db and signed_cookies backends don't honor expiry timecached_db backend doesn't honor expiry time

This will be easy to fix for cached_db, and very hard for signed_cookies.

Signed cookies store the date of the signature, and the verification function takes a maximum age. Unfortunately, the maximum age is known when the cookie is signed, not when it's verified. Fixing this problem for signed cookies requires a redesign of the way session expiration is handled, which is covered by #19201.

I'm updating the title to restrict this ticket to cached_db.

comment:2 by Aymeric Augustin <aymeric.augustin@…>, 12 years ago

Resolution: fixed
Status: newclosed

In 0fe02feab43aa0f0d0608de85cff7183055e6dd7:

[1.5.x] Fixed #19200 -- Session expiry with cached_db

Also did a little bit of cleanup.

Backport of 04b00b6 from master.

comment:3 by Aymeric Augustin <aymeric.augustin@…>, 12 years ago

In 04b00b668d0d56c37460cbed19671f4b1b5916c3:

Fixed #19200 -- Session expiry with cached_db

Also did a little bit of cleanup.

comment:4 by Aymeric Augustin <aymeric.augustin@…>, 12 years ago

In 882c47cd405cfd29194f2e968678a5aa1d6ec75f:

Improved tests introduced in 04b00b6.

These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.

comment:5 by Aymeric Augustin <aymeric.augustin@…>, 12 years ago

In e6b0ee768c46368a41a5b278180d1d1ecbd3d5c6:

[1.5.x] Improved tests introduced in 04b00b6.

These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.

Backport of 882c47c from master.

Note: See TracTickets for help on using tickets.
Back to Top