Opened 10 years ago

Closed 8 years ago

Last modified 6 years ago

#8537 closed (fixed)

clarify session expiration

Reported by: anonymous Owned by: nobody
Component: Documentation Version: master
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


the "How to use sessions" documentation at is inaccurate in its description of session expiration. In particular, the definition of what constitutes "activity" and the meaning of the set_expiry() call should be clarified.

First, it appears from reviewing the code and observing the session code on my website, that "activity" that resets the sessions expiration time is anything that _writes_ to the session. Reading from the session does not seem to reset the expiration time.

Second, set_expiry(foo) where foo is a datetime does not set the expiration to that datetime's value. Instead it seems to compute a delta between now() and foo and then push the expiration time this far into the future every time the session is written to. Similarly, set_expiry(foo) where foo is a timedelta does not cause the session to expire in foo seconds in the future but instead causes the session's expiration to be pushed foo seconds into the future every time the session is written to.

Attachments (1)

8537.diff (949 bytes) - added by Tim Graham 8 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 10 years ago by TP

Summary: TPclarify session expiration

comment:2 Changed 9 years ago by Chris Beaven

Keywords: session removed
Triage Stage: UnreviewedAccepted

Yep, explicitly documenting that only writes cause this time to reset seems reasonable.

Regarding the second point here, it belongs in a different ticket and it's invalid anyway - the expiry time is correctly set once, not every time the session is written to.

Changed 8 years ago by Tim Graham

Attachment: 8537.diff added

comment:3 Changed 8 years ago by Tim Graham

Has patch: set

comment:4 Changed 8 years ago by Chris Beaven

milestone: 1.2
Triage Stage: AcceptedReady for checkin

comment:5 Changed 8 years ago by Russell Keith-Magee

Resolution: fixed
Status: newclosed

(In [13113]) Fixed #8357 -- Clarified what constitutes activity when calculating session expiry. Thanks to timo for the patch.

comment:6 Changed 6 years ago by Jacob

milestone: 1.2

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top