I don't know if I'm getting it all right... The test cookie's age is
the same as the age of any other cookie.

My application is using views/auth/login.py, SESSION_SAVE_EVERY_REQUEST
= True, and SESSION_COOKIE_AGE = 600.

Let's have the following scenario. A user logs out of the application.
This will bring it to the login screen, with the test cookie posted.
Another user comes along fifteen minutes later (the test cookie has expired),
and cannot log in because the computer says,

"Your Web browser doesn't appear to have cookies enabled."

Of course, logging in again right at the moment afterwards puts the
user right through.

I'm trying to say the use case for the test cookie might be different
from the ordinary cookies. What do you think? My question is, can I set
the test cookie's age close to infinity? Won't this pose a security
risk?

TIA,
Jiri
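
The scenario in the message above, as a small model added here for illustration; it is not part of the original message and is not Django's code. Only `SESSION_COOKIE_AGE` and the quoted behaviour come from the post; the `Server`, `Browser` and `login_attempt` names and the storage layout are assumptions.

```python
# Added illustration: a minimal model of the session test-cookie check.
# Not Django's implementation; all class and function names are hypothetical.
import secrets

SESSION_COOKIE_AGE = 600  # seconds, the value given in the post
TEST_KEY, TEST_VALUE = "testcookie", "worked"  # constructed marker values

class Server:
    def __init__(self):
        self.sessions = {}  # session id -> (expires_at, data)

    def _load(self, sid, now):
        entry = self.sessions.get(sid)
        if entry is None or entry[0] <= now:
            return None  # unknown or expired session
        return entry[1]

    def get_login(self, sid, now):
        """Render the login form and set the test cookie; returns (sid, max_age)."""
        data = self._load(sid, now)
        if data is None:
            sid, data = secrets.token_hex(16), {}
        data[TEST_KEY] = TEST_VALUE
        self.sessions[sid] = (now + SESSION_COOKIE_AGE, data)
        return sid, SESSION_COOKIE_AGE

    def post_login(self, sid, now):
        """True if the test cookie came back, False for the 'cookies enabled' error."""
        data = self._load(sid, now) or {}
        return data.get(TEST_KEY) == TEST_VALUE

class Browser:
    def __init__(self):
        self.sid, self.expires_at = None, 0

    def cookie(self, now):
        return self.sid if now < self.expires_at else None  # expired cookies are not sent

    def store(self, sid, max_age, now):
        self.sid, self.expires_at = sid, now + max_age

def login_attempt(delay):
    """Login page loaded at t=0, form submitted `delay` seconds later, then retried."""
    server, browser = Server(), Browser()
    browser.store(*server.get_login(browser.cookie(0), 0), 0)
    first = server.post_login(browser.cookie(delay), delay)
    # Assumption: the failed POST re-renders the form, which sets a fresh test
    # cookie; this matches the post's report that the immediate retry succeeds.
    browser.store(*server.get_login(browser.cookie(delay), delay), delay)
    retry = server.post_login(browser.cookie(delay + 5), delay + 5)
    return first, retry
```

`login_attempt(900)` reproduces the fifteen-minute case from the post (first submit rejected, retry accepted), while `login_attempt(60)` passes on the first submit.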
