Opened 2 weeks ago

Last modified 12 days ago

#28763 new New feature

Allow SessionStore's to be easily overridden to make dynamic the session cookie age

Reported by: Jaime Herencia Enjuto Owned by:
Component: contrib.sessions Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

If I want to make dynamic my SESSION_COOKIE_AGE setting based on certain parameters of the session I need to reimplement in my SessionStore subclasses the following methods:

  • get_expiry_age
  • get_expiry_date

just to override the points where settings.SESSION_COOKIE_AGE is used.

Change History (6)

comment:1 Changed 2 weeks ago by Jaime Herencia Enjuto

Has patch: set

I've created a pull request: https://github.com/django/django/pull/9314

comment:2 Changed 2 weeks ago by Jaime Herencia Enjuto

Summary: Allow SessionStore's to easily override or make dynamic the session cookie ageAllow SessionStore's to be easily overridden to make dynamic the session cookie age

comment:3 Changed 2 weeks ago by Tomer Chachamu

Owner: changed from nobody to Tomer Chachamu
Status: newassigned
Triage Stage: UnreviewedAccepted

That seems useful.

comment:4 Changed 2 weeks ago by Tomer Chachamu

Owner: Tomer Chachamu deleted
Status: assignednew
Triage Stage: AcceptedUnreviewed

Actually, it looks like you can call SessionStore.set_expiry? One place to do so would be in a middleware that's listed below the session middleware, when processing a response.

class SessionExpiryPolicyMiddleware(object):
    def __init__(self, get_response):
        self.get_response = get_response
   
    def __call__(self, request):

        response = self.get_response(request)

        if response.session.modified and response.status_code != 500:
             response.session.set_expiry(response.session.calculate_expiry())

        return response

comment:5 Changed 2 weeks ago by Jaime Herencia Enjuto

You are right that could be a way to achieve this, I know there are other ways to do this but don't you think that the responsible of calculating Session expirations should be the SessionStore not a middleware?

comment:6 Changed 12 days ago by Tomer Chachamu

I think it would be worth discussing in the django-developers mailing list.

Note: See TracTickets for help on using tickets.
Back to Top