clarify session expiration
|Reported by:||anonymous||Owned by:||nobody|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
the "How to use sessions" documentation at http://www.djangoproject.com/documentation/sessions/ is inaccurate in its description of session expiration. In particular, the definition of what constitutes "activity" and the meaning of the set_expiry() call should be clarified.
First, it appears from reviewing the code and observing the session code on my website, that "activity" that resets the sessions expiration time is anything that _writes_ to the session. Reading from the session does not seem to reset the expiration time.
Second, set_expiry(foo) where foo is a datetime does not set the expiration to that datetime's value. Instead it seems to compute a delta between now() and foo and then push the expiration time this far into the future every time the session is written to. Similarly, set_expiry(foo) where foo is a timedelta does not cause the session to expire in foo seconds in the future but instead causes the session's expiration to be pushed foo seconds into the future every time the session is written to.
Change History (7)
comment:1 Changed 6 years ago by TP
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Summary changed from TP to clarify session expiration
comment:2 Changed 5 years ago by SmileyChris
- Keywords session removed
- Triage Stage changed from Unreviewed to Accepted
Changed 4 years ago by timo
comment:4 Changed 4 years ago by SmileyChris
- milestone set to 1.2
- Triage Stage changed from Accepted to Ready for checkin