Wednesday, July 25, 2018

Re: Some Doubts on Session Expiries

On woensdag 25 juli 2018 21:05:27 CEST vineeth sagar wrote:
> Hi,
>
> I have been going crazy for the past few days trying to understand
> sessions, my settings.py file as the following,
>
> SESSION_SAVE_EVERY_REQUEST=True
> SESSION_COOKIE_AGE=2*60
>
> Now whenever a request is initiated shoudn't the expiry date of the cookie
> i.e the one that holds the session id ,doubled i.e become four minutes.

No. It stays 2 minutes. But two minutes from the last time it was used. If you
were too late or have a clock out of sync, then you'll never get the update to
the next two minutes.


> A user "admin" has initiated a request, done some work closed his browser,
> session cookie holding the session id has expired and that's wonderful as
> expected.
>
> Now If I run this snippet,
>
> from django.contrib.sessions.models import Session
> from django.utils import timzone
>
> sessions = Sessions.objects.filter(expire_date__gte=timezone.now())
>
> The above queryset has the session of the admin user, I am confused is this
> expected behavior? Can someone please address the queries for me.

That's just fine, because the browser will not send the cookie, so the session
is never looked for. Once the date expires, it will be garbage collected.

--
Melvyn Sopacua


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/12365039.WSUnCLOFxh%40fritzbook.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment