Monday, January 31, 2011

Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE

Dear Tom

Thanks for your comment.

My use case is a "presence"-type system. When a user logs out, their
status change is sent out to all other logged-in users (using comet).
If they just close the browser this doesn't happen. I'm mulling over
two possible solutions:

(a) some bit of javascript that will log out the user if they close the
browser or navigate away from the site (but I don't know if you can do
the former with js; and the latter to work properly if they have other
tabs still on the site). It requires javascript, but it's a fairly
javascript-heavy site anyway.

(b) something using SESSION_COOKIE_AGE. Set it to a few minutes and
have something running that will log out any users with expired
sessions (and delete the session too). Unfortunately the javascript
GET requests for the comet don't go through django, so they won't keep
the session alive. Setting SESSION_COOKIE_AGE too low will risk
logging out against users' wishes, but setting it to much more than a
few minutes will render this solution useless. This solution doesn't
feel right at all.

If (a) is possible I think I'll go with that.

Best

Ivan


On Jan 31, 2:42 pm, Tom Evans <tevans...@googlemail.com> wrote:
> On Mon, Jan 31, 2011 at 2:21 PM, Ivan Uemlianin <i...@llaisdy.com> wrote:
> > Dear All
>
> > Is the setting SESSION_EXPIRE_AT_BROWSER_CLOSE mis-named?  As far as I
> > can tell the setting doesn't influence the session expiry at all
> > (e.g., what happens to the django_session table on the server).  What
> > this setting seems to affect is the expiry of the *cookie* in the
> > browser.
>
> > I'm looking into a way for django to detect users no longer on the
> > site (i.e. authenticated users who rather than log out, have navigated
> > away from the site or closed their browser).  From the name, I had
> > thought this setting would be useful.  It looks like it'll be useful
> > for the client side, but for the server side it's irrelevant surely?
> > A clearer name would be something like
> > SESSION_COOKIE_EXPIRE_AT_BROWSER_CLOSE.
>
> > Best wishes
>
> > Ivan
>
> The result of the session cookie expiring is that the session key
> stored in that cookie is no longer retained by the browser, and
> effectively, the session has expired. Whilst I see your point, it's a
> bit pedantic and unlikely to be changed.
>
> The only way to determine if the user is still active if they do not
> actively log out is to treat them as logged in if they have an 'active
> session'. How you define 'active session' is up to you; I treat any
> unexpired session as active, and set settings.SESSION_COOKIE_AGE to
> something appropriate (2 week long sessions do not appeal to me).
> I can then answer the question "How many distinct sessions are
> currently active" (not "How many distinct users are currently active",
> nor "How many users are currently using the site").
>
> Cheers
>
> Tom

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
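
An added example, not part of the emails above and not Django's own code: a standard-library model of the thread's point that SESSION_EXPIRE_AT_BROWSER_CLOSE changes only the cookie, while the server-side row stays valid until its expiry date, plus the sweep from option (b). The `session` table, its plain `user_id` column, the integer timestamps and the function names are assumptions made for illustration.

```python
import sqlite3
from http.cookies import SimpleCookie

SESSION_COOKIE_AGE = 300  # seconds; "a few minutes", as in option (b)

def make_db():
    db = sqlite3.connect(":memory:")
    # Simplified stand-in for django_session (assumption): the real table keeps
    # the user id inside the encoded session_data column, not in its own column.
    db.execute("CREATE TABLE session (session_key TEXT PRIMARY KEY,"
               " user_id INTEGER, expire_date INTEGER)")
    return db

def login(db, key, user_id, now, expire_at_browser_close):
    """Store the server-side row and return the Set-Cookie value."""
    # The server-side expiry is the same whichever cookie style is used.
    db.execute("INSERT INTO session VALUES (?, ?, ?)",
               (key, user_id, now + SESSION_COOKIE_AGE))
    cookie = SimpleCookie()
    cookie["sessionid"] = key
    if not expire_at_browser_close:
        # A persistent cookie carries a lifetime; a browser-session cookie has none.
        cookie["sessionid"]["max-age"] = SESSION_COOKIE_AGE
    return cookie["sessionid"].OutputString()

def active_sessions(db, now):
    """'Active' in Tom's sense: any unexpired session row."""
    return db.execute("SELECT COUNT(*) FROM session WHERE expire_date > ?",
                      (now,)).fetchone()[0]

def sweep(db, now):
    """Delete expired rows; return users left with no live session."""
    expired = db.execute("SELECT session_key, user_id FROM session"
                         " WHERE expire_date <= ?", (now,)).fetchall()
    db.executemany("DELETE FROM session WHERE session_key = ?",
                   [(key,) for key, _ in expired])
    offline = []
    for user_id in sorted({uid for _, uid in expired}):
        live = db.execute("SELECT COUNT(*) FROM session WHERE user_id = ?",
                          (user_id,)).fetchone()[0]
        if live == 0:  # a second browser may still hold a valid session
            offline.append(user_id)
    return offline

if __name__ == "__main__":
    db = make_db()  # constructed sample data below
    print(login(db, "k1", 1, 1000, expire_at_browser_close=True))
    print(login(db, "k2", 2, 1000, expire_at_browser_close=False))
    print(active_sessions(db, 1100), sweep(db, 1400))
```

Closing the browser discards the `k1` cookie but leaves its row counted as active until the sweep removes it, which is why presence has to be derived from the server-side expiry rather than from the cookie setting.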
