Opened 19 years ago

Closed 19 years ago

Last modified 18 years ago

#832 closed defect (invalid)

[patch] Sessions should be able to expire at the end of a browser session

Reported by: Esaj Owned by: Adrian Holovaty
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Sessions should be able to expire at the end of a browser session i.e. by not setting the Expires value in the Set-Cookie header. We'd still need a MAX_COOKIE_AGE so that stale sessions are removed from the database.

This kind of thing is useful for users of public terminals, where you don't want to be left logged in even when you've close the browser.

Attachments (1)

sessions.diff (2.2 KB ) - added by Esaj 19 years ago.
Add a SESSION_COOKIE_PERSIST setting

Download all attachments as: .zip

Change History (5)

by Esaj, 19 years ago

Attachment: sessions.diff added

Add a SESSION_COOKIE_PERSIST setting

comment:1 by Esaj <jason at jasondavies.com>, 19 years ago

Summary: Sessions should be able to expire at the end of a browser session[patch] Sessions should be able to expire at the end of a browser session

comment:2 by Esaj, 19 years ago

Another possibility would be to add a "persistent" flag to the core sessions model. One could then have a login form with a "Remember my settings" checkbox, for example, to choose whether to persist cookies on a per-session basis. I can submit a patch if anyone is interested in this. The above patch solves my itch for now :)

comment:3 by derelm, 19 years ago

such a "persistent" flag sounds great to me!

comment:4 by Jacob, 19 years ago

Resolution: invalid
Status: newclosed

A "persistant" flag sounds like a better idea; marking invalid until there's a new patch.

Note: See TracTickets for help on using tickets.
Back to Top