Opened 7 years ago

Closed 5 years ago

Last modified 4 years ago

#8537 closed (fixed)

clarify session expiration

Reported by: anonymous Owned by: nobody
Component: Documentation Version: master
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

the "How to use sessions" documentation at http://www.djangoproject.com/documentation/sessions/ is inaccurate in its description of session expiration. In particular, the definition of what constitutes "activity" and the meaning of the set_expiry() call should be clarified.

First, it appears from reviewing the code and observing the session code on my website, that "activity" that resets the sessions expiration time is anything that _writes_ to the session. Reading from the session does not seem to reset the expiration time.

Second, set_expiry(foo) where foo is a datetime does not set the expiration to that datetime's value. Instead it seems to compute a delta between now() and foo and then push the expiration time this far into the future every time the session is written to. Similarly, set_expiry(foo) where foo is a timedelta does not cause the session to expire in foo seconds in the future but instead causes the session's expiration to be pushed foo seconds into the future every time the session is written to.

Attachments (1)

8537.diff (949 bytes) - added by timo 5 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 7 years ago by TP

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Summary changed from TP to clarify session expiration

comment:2 Changed 7 years ago by SmileyChris

  • Keywords session removed
  • Triage Stage changed from Unreviewed to Accepted

Yep, explicitly documenting that only writes cause this time to reset seems reasonable.

Regarding the second point here, it belongs in a different ticket and it's invalid anyway - the expiry time is correctly set once, not every time the session is written to.

Changed 5 years ago by timo

comment:3 Changed 5 years ago by timo

  • Has patch set

comment:4 Changed 5 years ago by SmileyChris

  • milestone set to 1.2
  • Triage Stage changed from Accepted to Ready for checkin

comment:5 Changed 5 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

(In [13113]) Fixed #8357 -- Clarified what constitutes activity when calculating session expiry. Thanks to timo for the patch.

comment:6 Changed 4 years ago by jacob

  • milestone 1.2 deleted

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top