Opened 2 years ago

Closed 5 months ago

#28763 closed New feature (fixed)

Allow SessionStore's to be easily overridden to make dynamic the session cookie age

Reported by: Jaime Herencia Enjuto Owned by: Hasan Ramezani
Component: contrib.sessions Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

If I want to make dynamic my SESSION_COOKIE_AGE setting based on certain parameters of the session I need to reimplement in my SessionStore subclasses the following methods:

  • get_expiry_age
  • get_expiry_date

just to override the points where settings.SESSION_COOKIE_AGE is used.

Change History (9)

comment:1 Changed 2 years ago by Jaime Herencia Enjuto

Has patch: set

I've created a pull request: https://github.com/django/django/pull/9318

Last edited 23 months ago by Ramiro Morales (previous) (diff)

comment:2 Changed 2 years ago by Jaime Herencia Enjuto

Summary: Allow SessionStore's to easily override or make dynamic the session cookie ageAllow SessionStore's to be easily overridden to make dynamic the session cookie age

comment:3 Changed 2 years ago by Tomer Chachamu

Owner: changed from nobody to Tomer Chachamu
Status: newassigned
Triage Stage: UnreviewedAccepted

That seems useful.

comment:4 Changed 2 years ago by Tomer Chachamu

Owner: Tomer Chachamu deleted
Status: assignednew
Triage Stage: AcceptedUnreviewed

Actually, it looks like you can call SessionStore.set_expiry? One place to do so would be in a middleware that's listed below the session middleware, when processing a response.

class SessionExpiryPolicyMiddleware(object):
    def __init__(self, get_response):
        self.get_response = get_response
   
    def __call__(self, request):

        response = self.get_response(request)

        if response.session.modified and response.status_code != 500:
             response.session.set_expiry(response.session.calculate_expiry())

        return response

comment:5 Changed 2 years ago by Jaime Herencia Enjuto

You are right that could be a way to achieve this, I know there are other ways to do this but don't you think that the responsible of calculating Session expirations should be the SessionStore not a middleware?

comment:6 Changed 2 years ago by Tomer Chachamu

I think it would be worth discussing in the django-developers mailing list.

comment:7 Changed 22 months ago by Tim Graham

Needs tests: set
Triage Stage: UnreviewedAccepted

A test should be added so the change isn't inadvertently refactored away.

comment:8 Changed 5 months ago by felixxm

Needs tests: unset
Owner: set to Hasan Ramezani
Status: newassigned

comment:9 Changed 5 months ago by Mariusz Felisiak <felisiak.mariusz@…>

Resolution: fixed
Status: assignedclosed

In 9d6f981a:

Fixed #28763 -- Allowed overriding the session cookie age with SessionStore.get_session_cookie_age().

Note: See TracTickets for help on using tickets.
Back to Top