Django developers, I'm using Django 3.0 with sessions on my websites, Speedy Net <https://www.speedy.net/> and Speedy Match <https://www.speedymatch.com/>. I understand that sessions as they are now (in Django 3.0) will be changed and removed in Django 4.0. I would like to know how will it affect the users of my websites? Will it log out any user who didn't visit the site from Django 3.1 to Django 3.2, or will it also log out any user who didn't login again to the website using Django 3.1 and 3.2? I use persistent sessions and cookies for ~30 years, and I expect sessions to keep working when I upgrade Django. I think I can handle logging out users who didn't visit the site for ~16 months, but I can't handle users who visited the site as authenticated users but didn't login again in more than ~16 months - this will mean that when I upgrade (eventually) to Django 4.0, most of my users will suddenly be logged out (who should be logged in). Is there a way to overcome this? Are sessions objects created by the website other than when users log in? This deprecation can cause me not to want to upgrade Django to 4.0, which is a shame. I upgraded all versions of Django from 1.8 to 3.0, and I'm about to upgrade to 3.1 as well. I also had a problem when I upgraded to Django 2.1, which affected my users, and there was a bug for about 6 weeks on my website, because of introducing *SESSION_COOKIE_SAMESITE* with the default 'Lax' in Django 2.1 [ https://stackoverflow.com/questions/59298548/set-cookie-is-not-working-in-chrome-with-two-websites]. Due to this bug my website didn't work properly for about 6 weeks. And I don't want to cause more problems when I upgrade Django to 4.0. Actually I would like the window to be wider - for example, log out users who didn't visit the website for 2 or 3 years, and anyway convert their sessions automatically without forcing them to login again (if they visited my websites during this time). Will sessions be converted automatically or can I cause them to be converted automatically to the new format and hashing algorithm, while using Django 3.1 and 3.2, before I upgrade Django to 4.0?
By the way, both my websites are configured to log in and log out users together - if they log in or log out from one website, they should be automatically logged in or logged out from the other domain too. Is it possible to change the sessions deprecation Django version so that users will have about 2 or 3 years to convert their sessions? Thanks, אורי (Uri) [email protected] -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CABD5YeHY_%3DBaZyi0L%2Bp0tFmrJsFZp3V9n3JfR%3D925-440RnsRA%40mail.gmail.com.
