Changes between Initial Version and Version 1 of Ticket #18194, comment 12
- Timestamp:
- Oct 27, 2012, 4:24:53 PM (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #18194, comment 12
initial v1 9 9 The default session expiration policy is: 10 10 - client-side: expire after `settings.SESSION_COOKIE_AGE` seconds if `settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False` (default), at browser close otherwise 11 - server-side: expire after `settings.SESSION_COOKIE_AGE` (no matter the value of `settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False`)11 - server-side: expire after `settings.SESSION_COOKIE_AGE` (no matter the value of `settings.SESSION_EXPIRE_AT_BROWSER_CLOSE`) 12 12 13 13 When a non-default expiration is set with `session.set_expiry(...)`, it is saved in the session under the `_session_expiry` key. The semantic of this value is: … … 27 27 - '''cache''': the expiry age is computed and passed to the cache engine. The cache engine is responsible for not returning stale data. Since correct expiry is a major feature for a cache, I think we can rely on cache engine to enforce expiry properly. There's no need to clear expired sessions, the cache does it by itself. 28 28 29 - '''cached_db''': there's a bug here — expiry age is hardcoded to `settings.SESSION_COOKIE_AGE` instead of `session.get_expiry_age()`. Otherwise it should work like '''cache''' and '''db'''. 29 - '''cached_db''': there's a bug here — expiry age is hardcoded to `settings.SESSION_COOKIE_AGE` instead of `session.get_expiry_age()`. Otherwise it should work like '''cache''' and '''db'''. ''EDIT: fixed in 04b00b668d0d56c37460cbed19671f4b1b5916c3.'' 30 30 31 31 - '''db''': the session expiry date is computed and stored alongside the session data when the session is saved. Only sessions whose expiry dates are in the future can be re-loaded. Sessions whose expiry dates are in the past can be cleared. … … 33 33 - '''file''': the session expiry date isn't stored. It can be rebuilt with the algorithm of `session.get_expiry_age()`, by substituting the file's last modification time to `timezone.now()`. The patches above attempt to do that in order to clear expired sessions. 34 34 35 - '''signed_cookies''': server-side expiration is provided by timestamping and signing the cookies. However non-default expiry dates aren't handled; the maximum expiration time is hardcoded at `settings.SESSION_COOKIE_AGE`. There's no need to clear expired sessions because they're stored client-side. 35 - '''signed_cookies''': server-side expiration is provided by timestamping and signing the cookies. However non-default expiry dates aren't handled; the maximum expiration time is hardcoded at `settings.SESSION_COOKIE_AGE`. There's no need to clear expired sessions because they're stored client-side. ''Edit: could be fixed in the context of #19201'' 36 36 37 37 ----