expire time in session being updated frequently
|Reported by:||TP||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
We noticed that one of our user's session info in django_session has it's expire date moved into the future periodically. We are not calling set_expiry() on the session. My understanding was that the expire date was a constant for a given session key -- it is set when the session is created and never changes unless set_expiry() is called.
While reading through the Django Sessions docs, though, I noticed this bit:
To change this default behavior, set the SESSION_SAVE_EVERY_REQUEST setting to True. If SESSION_SAVE_EVERY_REQUEST is True, Django will save the session to the database on every single request. Note that the session cookie is only sent when a session has been created or modified. If SESSION_SAVE_EVERY_REQUEST is True, the session cookie will be sent on every request. Similarly, the expires part of a session cookie is updated each time the session cookie is sent.
Does this mean that the cookie is sent whenever the session data changes and that this triggers the expiration date to move forward? If so, why is that? It seems that's the wrong behavior since I would think the expiration of someone's remembered login etc would have nothing to do with when the session data was last updated.