#832 closed defect (invalid)
[patch] Sessions should be able to expire at the end of a browser session
| Reported by: | Esaj | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | Core (Other) | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Sessions should be able to expire at the end of a browser session i.e. by not setting the Expires value in the Set-Cookie header. We'd still need a MAX_COOKIE_AGE so that stale sessions are removed from the database.
This kind of thing is useful for users of public terminals, where you don't want to be left logged in even when you've close the browser.
Attachments (1)
Change History (5)
by , 20 years ago
| Attachment: | sessions.diff added |
|---|
comment:1 by , 20 years ago
| Summary: | Sessions should be able to expire at the end of a browser session → [patch] Sessions should be able to expire at the end of a browser session |
|---|
comment:2 by , 20 years ago
Another possibility would be to add a "persistent" flag to the core sessions model. One could then have a login form with a "Remember my settings" checkbox, for example, to choose whether to persist cookies on a per-session basis. I can submit a patch if anyone is interested in this. The above patch solves my itch for now :)
comment:4 by , 20 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
A "persistant" flag sounds like a better idea; marking invalid until there's a new patch.
Add a SESSION_COOKIE_PERSIST setting