Opened 10 years ago

Closed 9 years ago

Last modified 9 years ago

#832 closed defect (invalid)

[patch] Sessions should be able to expire at the end of a browser session

Reported by: Esaj Owned by: adrian
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Sessions should be able to expire at the end of a browser session i.e. by not setting the Expires value in the Set-Cookie header. We'd still need a MAX_COOKIE_AGE so that stale sessions are removed from the database.

This kind of thing is useful for users of public terminals, where you don't want to be left logged in even when you've close the browser.

Attachments (1)

sessions.diff (2.2 KB) - added by Esaj 10 years ago.
Add a SESSION_COOKIE_PERSIST setting

Download all attachments as: .zip

Change History (5)

Changed 10 years ago by Esaj

Add a SESSION_COOKIE_PERSIST setting

comment:1 Changed 10 years ago by Esaj <jason at jasondavies.com>

  • Summary changed from Sessions should be able to expire at the end of a browser session to [patch] Sessions should be able to expire at the end of a browser session

comment:2 Changed 10 years ago by Esaj

Another possibility would be to add a "persistent" flag to the core sessions model. One could then have a login form with a "Remember my settings" checkbox, for example, to choose whether to persist cookies on a per-session basis. I can submit a patch if anyone is interested in this. The above patch solves my itch for now :)

comment:3 Changed 10 years ago by derelm

such a "persistent" flag sounds great to me!

comment:4 Changed 9 years ago by jacob

  • Resolution set to invalid
  • Status changed from new to closed

A "persistant" flag sounds like a better idea; marking invalid until there's a new patch.

Note: See TracTickets for help on using tickets.
Back to Top