Re: [Django] #18194: File-based session never expire

Fri, 26 Oct 2012 15:32:36 -0700 

#18194: File-based session never expire
----------------------------------+-------------------------------------
     Reporter:  ej                |                    Owner:  aaugustin
         Type:  Bug               |                   Status:  new
    Component:  contrib.sessions  |                  Version:  master
     Severity:  Release blocker   |               Resolution:
     Keywords:                    |             Triage Stage:  Accepted
    Has patch:  1                 |      Needs documentation:  0
  Needs tests:  0                 |  Patch needs improvement:  0
Easy pickings:  0                 |                    UI/UX:  0
----------------------------------+-------------------------------------
Changes (by Elvard):

 * cc: tomas.ehrlich@… (added)
 * version:  1.4 => master


Comment:

 Replying to [comment:8 crodjer]:

 > >TimestampSigner unfortunatelly doesn't support change of time.
 > I am not sure if I get this point. As far as I know We can modify the
 time for TimeStameSigner while unsigning. It'll verify based on the second
 argument of `signer.unsign`:
 >
 > {{{
 > signer.unsign(data, age)
 > }}}
 >
 > We can have `settings.SESSION_COOKIE_AGE` in place of `age` parameter.

 It's probably just a detail. DB backend stores datetime of
 '''expiration''', while file-based backend stores datetime of
 '''signing'''.

 In database backend I can do:

 {{{#!python
 session = SessionBase()
 session[...] = ...  # set data
 session.set_expiry(arbitraty_time_in_future)
 session.save()
 }}}

 Now we have database record with expiration_date set to
 'arbitrary_time_in_future' (which doesn't depend on SESSION_COOKIE_AGE).

 While in file-based backend, using TimestampSigner, I can't set arbitrary
 expiration_date independent on SESSION_COOKIE_AGE because I can't store
 expiration_date along with data. Whole file containing data is signed and
 current timestamp is stored.

 Probably it's not a big issue. I've came across it when I was trying to
 write unit tests.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/18194#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to