I believe that is the intended behaviour. When I use a banking site for example, I don't want to be disconnected while doing operations 5 minutes after login in. I want the session to expire when I stop using it.
Django's session middleware try to solve that use case which is what is needed 95% of the time. As your need is different, you will need something different than what django provide. Using a custom session store might be the simplest way. Inherit the one you are using and redefine get_expiry_age to return the remaining time to live. On 24 Dec 2016 3:46 p.m., "王超" <wcs...@gmail.com> wrote: <https://lh3.googleusercontent.com/-MCd2-kRHmNg/WF44kxNVDNI/AAAAAAAAAAg/0Xf_TpG1YAUVUzpzdNyb3ZYpxiveGQlfQCLcB/s1600/session_bug.png> django version is 1.10.4 Jsut as the source code shows, session middleware will refresh expires_time with value time.*time*()+max_age, if the the status code of response is not 500. What was really weird is the variable `*max_age*` , which returned by function `request.session.*get_expiry_age*()`, always equals to settings.SESSION_COOKIE_AGE (positive integer). that leads to '*expire_date*' stored in `django_session` table, is bigger time.*time*(). In the other words, this session item never expired in back-end db!!! what's more, session middleware will send the new `expires` to browser by call function response.*set_cookie*(), which means this session item never expired in user's browser too !!! As pratical example, I set settings.SESSION_COOKIE_AGE=30. as long as I visited my site during `SESSION_COOKIE_AGE` , the cookie with session_key will persist forever ! What I want is that django will force session to expire if time past `SESSION_COOKIE_AGE` seconds after the moment session_key generated. So how to config my project ? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/ msgid/django-users/030c570c-e085-431c-817f-27eb70e069d7%40googlegroups.com <https://groups.google.com/d/msgid/django-users/030c570c-e085-431c-817f-27eb70e069d7%40googlegroups.com?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAEuG%2BTbAQn7xKzubpBt3824GGhG4CGip1jg6cEkFFOxDLCi9bA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
