clarify session expiration
the "How to use sessions" documentation at http://www.djangoproject.com/documentation/sessions/ is inaccurate in its description of session expiration. In particular, the definition of what constitutes "activity" and the meaning of the set_expiry() call should be clarified.
First, it appears from reviewing the code and observing the session code on my website, that "activity" that resets the sessions expiration time is anything that _writes_ to the session. Reading from the session does not seem to reset the expiration time.
Second, set_expiry(foo) where foo is a datetime does not set the expiration to that datetime's value. Instead it seems to compute a delta between now() and foo and then push the expiration time this far into the future every time the session is written to. Similarly, set_expiry(foo) where foo is a timedelta does not cause the session to expire in foo seconds in the future but instead causes the session's expiration to be pushed foo seconds into the future every time the session is written to.
Change History
(7)
Summary: |
TP → clarify session expiration
|
Keywords: |
session removed
|
Triage Stage: |
Unreviewed → Accepted
|
milestone: |
→ 1.2
|
Triage Stage: |
Accepted → Ready for checkin
|
Resolution: |
→ fixed
|
Status: |
new → closed
|
Yep, explicitly documenting that only writes cause this time to reset seems reasonable.
Regarding the second point here, it belongs in a different ticket and it's invalid anyway - the expiry time is correctly set once, not every time the session is written to.