#18194: File-based session never expire ----------------------------------+------------------------------------- Reporter: ej | Owner: aaugustin Type: Bug | Status: new Component: contrib.sessions | Version: master Severity: Release blocker | Resolution: Keywords: | Triage Stage: Accepted Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 ----------------------------------+------------------------------------- Changes (by Elvard):
* cc: tomas.ehrlich@… (added) * version: 1.4 => master Comment: Replying to [comment:8 crodjer]: > >TimestampSigner unfortunatelly doesn't support change of time. > I am not sure if I get this point. As far as I know We can modify the time for TimeStameSigner while unsigning. It'll verify based on the second argument of `signer.unsign`: > > {{{ > signer.unsign(data, age) > }}} > > We can have `settings.SESSION_COOKIE_AGE` in place of `age` parameter. It's probably just a detail. DB backend stores datetime of '''expiration''', while file-based backend stores datetime of '''signing'''. In database backend I can do: {{{#!python session = SessionBase() session[...] = ... # set data session.set_expiry(arbitraty_time_in_future) session.save() }}} Now we have database record with expiration_date set to 'arbitrary_time_in_future' (which doesn't depend on SESSION_COOKIE_AGE). While in file-based backend, using TimestampSigner, I can't set arbitrary expiration_date independent on SESSION_COOKIE_AGE because I can't store expiration_date along with data. Whole file containing data is signed and current timestamp is stored. Probably it's not a big issue. I've came across it when I was trying to write unit tests. -- Ticket URL: <https://code.djangoproject.com/ticket/18194#comment:11> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.