#11506: session.flush should not delete the old session
----------------------------------------------+-----------------------------
Reporter: Glenn | Owner: nobody
Status: new | Milestone:
Component: django.contrib.sessions | Version: SVN
Resolution: | Keywords:
Stage: Unreviewed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
----------------------------------------------+-----------------------------
Changes (by Glenn):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
As a followup: this will still fail if the delayed request modifies the
session, since it'll refresh the cookie.
A fix would be to update the cookie only when the session hasn't been
updated in over some timeout (say, a minute); this is long enough to avoid
this race condition. This would have the nice side benefit of not sending
a Set-Cookie header for each and every request that modifies the session.
It's harder to implement cleanly, though, since the session rows hold an
expiry date, not a last-saved date. You can't reliably derive one from
the other after the fact, since the session expiry setting might have
changed. I'll leave this for further discussion.
--
Ticket URL: <http://code.djangoproject.com/ticket/11506#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
