Fixed #395 -- Added SESSION_EXPIRE_AT_BROWSER_CLOSE setting, which regulates whether session framework should use browser-session-length cookies.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
dbcd2fe985
commit
26b61aa813
|
@ -235,6 +235,7 @@ SESSION_COOKIE_NAME = 'sessionid' # Cookie name. This can be whatever yo
|
||||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
|
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
|
||||||
SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie.
|
SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie.
|
||||||
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
|
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
|
||||||
|
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser.
|
||||||
|
|
||||||
#########
|
#########
|
||||||
# CACHE #
|
# CACHE #
|
||||||
|
|
|
@ -79,9 +79,14 @@ class SessionMiddleware:
|
||||||
else:
|
else:
|
||||||
if modified or settings.SESSION_SAVE_EVERY_REQUEST:
|
if modified or settings.SESSION_SAVE_EVERY_REQUEST:
|
||||||
session_key = request.session.session_key or Session.objects.get_new_session_key()
|
session_key = request.session.session_key or Session.objects.get_new_session_key()
|
||||||
|
if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
|
||||||
|
max_age = None
|
||||||
|
expires = None
|
||||||
|
else:
|
||||||
|
max_age = settings.SESSION_COOKIE_AGE
|
||||||
|
expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
|
||||||
new_session = Session.objects.save(session_key, request.session._session,
|
new_session = Session.objects.save(session_key, request.session._session,
|
||||||
datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
|
datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
|
||||||
expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
|
|
||||||
response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
|
response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
|
||||||
max_age=settings.SESSION_COOKIE_AGE, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
|
max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
|
||||||
return response
|
return response
|
||||||
|
|
|
@ -197,6 +197,22 @@ will be sent on every request.
|
||||||
Similarly, the ``expires`` part of a session cookie is updated each time the
|
Similarly, the ``expires`` part of a session cookie is updated each time the
|
||||||
session cookie is sent.
|
session cookie is sent.
|
||||||
|
|
||||||
|
Browser-length sessions vs. persistent sessions
|
||||||
|
===============================================
|
||||||
|
|
||||||
|
You can control whether the session framework uses browser-length sessions vs.
|
||||||
|
persistent sessions with the ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` setting.
|
||||||
|
|
||||||
|
By default, ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` is set to ``False``, which
|
||||||
|
means session cookies will be stored in users' browsers for as long as
|
||||||
|
``SESSION_COOKIE_AGE``. Use this if you don't want people to have to log in
|
||||||
|
every time they open a browser.
|
||||||
|
|
||||||
|
If ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` is set to ``True``, Django will use
|
||||||
|
browser-length cookies -- cookies that expire as soon as the user closes his or
|
||||||
|
her browser. Use this if you want people to have to log in every time they open
|
||||||
|
a browser.
|
||||||
|
|
||||||
Settings
|
Settings
|
||||||
========
|
========
|
||||||
|
|
||||||
|
@ -225,6 +241,14 @@ Default: ``'sessionid'``
|
||||||
|
|
||||||
The name of the cookie to use for sessions. This can be whatever you want.
|
The name of the cookie to use for sessions. This can be whatever you want.
|
||||||
|
|
||||||
|
SESSION_EXPIRE_AT_BROWSER_CLOSE
|
||||||
|
-------------------------------
|
||||||
|
|
||||||
|
Default: ``False``
|
||||||
|
|
||||||
|
Whether to expire the session when the user closes his or her browser. See
|
||||||
|
"Browser-length sessions vs. persistent sessions" above.
|
||||||
|
|
||||||
SESSION_SAVE_EVERY_REQUEST
|
SESSION_SAVE_EVERY_REQUEST
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
|
|
|
@ -603,6 +603,14 @@ Default: ``'sessionid'``
|
||||||
The name of the cookie to use for sessions. This can be whatever you want.
|
The name of the cookie to use for sessions. This can be whatever you want.
|
||||||
See the `session docs`_.
|
See the `session docs`_.
|
||||||
|
|
||||||
|
SESSION_EXPIRE_AT_BROWSER_CLOSE
|
||||||
|
-------------------------------
|
||||||
|
|
||||||
|
Default: ``False``
|
||||||
|
|
||||||
|
Whether to expire the session when the user closes his or her browser.
|
||||||
|
See the `session docs`_.
|
||||||
|
|
||||||
SESSION_SAVE_EVERY_REQUEST
|
SESSION_SAVE_EVERY_REQUEST
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue