Monday, January 31, 2011

Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE

On Mon, Jan 31, 2011 at 2:21 PM, Ivan Uemlianin <ivan@llaisdy.com> wrote:
> Dear All
>
> Is the setting SESSION_EXPIRE_AT_BROWSER_CLOSE mis-named?  As far as I
> can tell the setting doesn't influence the session expiry at all
> (e.g., what happens to the django_session table on the server).  What
> this setting seems to affect is the expiry of the *cookie* in the
> browser.
>
> I'm looking into a way for django to detect users no longer on the
> site (i.e. authenticated users who rather than logout, have navigated
> away from the site or closed their browser).  From the name, I had
> thought this setting would be useful.  It looks like it'll be useful
> for the client side, but for the server side it's irrelevant surely?
> A clearer name would be something like
> SESSION_COOKIE_EXPIRE_AT_BROWSER_CLOSE.
>
> Best wishes
>
> Ivan
>

The result of the session cookie expiring is that the session key
stored in that cookie is no longer retained by the browser, and
effectively, the session has expired. Whilst I see your point, it's a
bit pedantic and unlikely to be changed.

The only way to determine if the user is still active if they do not
actively log out is to treat them as logged in if they have an 'active
session'. How you define 'active session' is up to you; I treat any
unexpired session as active, and set settings.SESSION_COOKIE_AGE to
something appropriate (2 week long sessions do not appeal to me).
I can then answer the question "How many distinct sessions are
currently active" (not "How many distinct users are currently active",
nor "How many users are currently using the site").

Cheers

Tom

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment