Re: SESSION_EXPIRE_AT_BROWSER_CLOSE
Once there was no such thing as a cookie that expired at browser close. Note that such must be implemented by the user agent (browser), since that's the only thing that knows if it has been closed. (And, in fact, if you want it to be closed if the browser crashes, or if it is hard killed by the OS, or if the machine crashes, it doesn't get an opportunity to delete cookies. Probably this is implemented at start up, when it can toss anything in the cookie store marked as close at end of browser session. Cookies in RAM only is another approach, but there can be security exploits through having cookies push the size of process RAM.)

You would have to check whether the user agent (as claimed) supports this, since not all browsers (I'll bet) support the feature, and choose a different mechanism otherwise. Probably best to just use that other mechanism.

One approach comes to mind. Have JavaScript implementing a heartbeat poll, and have the cookie invalidated on the Django side if the last access, poll or normal, was "too long" ago. Two issues involve what constitutes "too long". Sometimes people have bad connections, and "too long" may elapse during their network latency of the moment. And if "too long" is too long, you can easily close and restart the browser before it elapses.

Another that may or may not be possible in all user agents is to access the timestamp at which the browser was started and include that with each request (possibly by having the JavaScript that runs when the page loads modify the cookie to include that timestamp). Then Django session code would have to consider a non-matching cookie invalid, but accept that timestamp when accepting a log in.

This has long been a tough problem. Further, I'm not sure that you are doing your users any favors by training them to believe that closing the browser logs them out. There will be plenty of sites where this doesn't work.

On Sun, Jul 14, 2019 at 11:33 AM M. Farhan Zia wrote:
> I'm facing the same problem. How did you solve this problem?
>
> On Sunday, January 22, 2017 at 1:21:04 PM UTC+5, ADEWALE ADISA wrote:
>>
>> Good day;
>> Please I need help on the issues I am facing on
>> SESSION_EXPIRE_AT_BROWSER_CLOSE django settings.py. In my settings file I
>> have:
>>
>> SESSION_EXPIRE_AT_BROWSER_CLOSE = True
>>
>> but unfortunately, whenever my users close their browsers and open them
>> again, they are logged in automatically, which shows that the session did
>> not expire.
>> I am facing this issue on all browsers.
>> On Chrome, when I went to the settings and manually chose to expire
>> cookies, SESSION_EXPIRE_AT_BROWSER_CLOSE worked.
>> In a deployed application, I cannot be asking my users to change cookie
>> settings in their browsers.
>> Please, how can I achieve session expiry after closing the browser,
>> irrespective of user browser settings? Or is there a JavaScript snippet I
>> can use to control this?
>>
>> Thanks in advance.
>> soliu - fxSoftlogix

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAB%2BAj0u-TqspFnsm4XQv4J24db7gvGo4xkQd6tw%2BMVAL_CPJXA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE
I'm facing the same problem. How did you solve this problem?

On Sunday, January 22, 2017 at 1:21:04 PM UTC+5, ADEWALE ADISA wrote:
>
> Good day;
> Please I need help on the issues I am facing on
> SESSION_EXPIRE_AT_BROWSER_CLOSE django settings.py. In my settings file I
> have:
>
> SESSION_EXPIRE_AT_BROWSER_CLOSE = True
>
> but unfortunately, whenever my users close their browsers and open them
> again, they are logged in automatically, which shows that the session did
> not expire.
> I am facing this issue on all browsers.
> On Chrome, when I went to the settings and manually chose to expire
> cookies, SESSION_EXPIRE_AT_BROWSER_CLOSE worked.
> In a deployed application, I cannot be asking my users to change cookie
> settings in their browsers.
> Please, how can I achieve session expiry after closing the browser,
> irrespective of user browser settings? Or is there a JavaScript snippet I
> can use to control this?
>
> Thanks in advance.
> soliu - fxSoftlogix
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE
Thanks again, Mr James. I am able to solve the problem now by running the management command "python manage.py clearsessions". This practically deletes all the sessions stored in the Django session database, so SESSION_EXPIRE_AT_BROWSER_CLOSE behaves as it should now.

On Jan 22, 2017 9:41 AM, "James Bennett" <ubernost...@gmail.com> wrote:
> Make sure you're not looking at users who already had a session cookie set
> before you changed the setting. Existing cookies might not get immediately
> rewritten to have the shorter expiration.
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE
Thanks, Mr James, for the urgent reply. Even when the server and the user's PC are restarted after the setting, the situation is the same. From the Django docs, there is a section that goes:

Note
Some browsers (Chrome, for example) provide settings that allow users to continue browsing sessions after closing and re-opening the browser. In some cases, this can interfere with the SESSION_EXPIRE_AT_BROWSER_CLOSE setting and prevent sessions from expiring on browser close. Please be aware of this while testing Django applications which have the SESSION_EXPIRE_AT_BROWSER_CLOSE setting enabled.

Maybe this is what is causing the issue, but I just think that people must have a way of getting around this problem.

On Jan 22, 2017 9:41 AM, "James Bennett" <ubernost...@gmail.com> wrote:
> Make sure you're not looking at users who already had a session cookie set
> before you changed the setting. Existing cookies might not get immediately
> rewritten to have the shorter expiration.
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE
Make sure you're not looking at users who already had a session cookie set before you changed the setting. Existing cookies might not get immediately rewritten to have the shorter expiration.
SESSION_EXPIRE_AT_BROWSER_CLOSE
Good day;
Please I need help on the issues I am facing on SESSION_EXPIRE_AT_BROWSER_CLOSE django settings.py. In my settings file I have:

SESSION_EXPIRE_AT_BROWSER_CLOSE = True

but unfortunately, whenever my users close their browsers and open them again, they are logged in automatically, which shows that the session did not expire.
I am facing this issue on all browsers.
On Chrome, when I went to the settings and manually chose to expire cookies, SESSION_EXPIRE_AT_BROWSER_CLOSE worked.
In a deployed application, I cannot be asking my users to change cookie settings in their browsers.
Please, how can I achieve session expiry after closing the browser, irrespective of user browser settings? Or is there a JavaScript snippet I can use to control this?

Thanks in advance.
soliu - fxSoftlogix
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE = True, session expiry date wrong when browser closed?
On Friday, December 10, 2010 at 9:57:20 PM UTC+8, Tom Evans wrote:
>
> On Fri, Dec 10, 2010 at 1:27 PM, Stodge <sto...@gmail.com> wrote:
> > I have SESSION_EXPIRE_AT_BROWSER_CLOSE set to True in my settings.
> > When the user visits my custom login page a new session is created for
> > them in the database. The expiry time is set to two weeks.
> >
> > If I then close the browser, the expiry hour/minute are adjusted but
> > it's still set to two weeks in the future. Shouldn't the expiry date
> > be set to the current date?
> >
> > If I re-open the browser, login and then close the browser, the
> > session expiry time is still set to two weeks. Shouldn't the expiry
> > date be set to the current date? The session is expired because I have
> > to re-login when I visit the site again.
> >
> > Thanks
> >
>
> SESSION_EXPIRE_AT_BROWSER_CLOSE denotes whether the session cookie is
> set as a session cookie (browser removes the cookie when it closes) or
> whether it is a permanent cookie (with lifetime equal to the expiry
> date set in the model).
>
> It does not affect anything to do with stored sessions, so the session
> expiry date does not change in the DB, your browser just loses the
> session id when it is closed, and so when it is re-opened it can no
> longer access the (still valid, and not expired) session.
>
> Cheers
>
> Tom
>

Thanks, your reply helps me a lot!
Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE
On Monday 31 January 2011 18:38:20 Tim Sawyer wrote:
> > You can't stop the user from closing the browser, or switching to another
> > tab, with JS. And you shouldn't try to stop them navigating away - this
> > sort of thing is only likely to annoy them intensely.
>
> Taking this to the extreme - what do you want to happen if a person using
> your site has a power cut? Or pulls out their network connection? This
> will not run any site-close javascript.
>
> We had a designer request similar functionality in a Struts app years ago
> - it's really annoying and goes wrong often and we vowed never to do it
> again.
>
> How about looking at RabbitMQ or XMPP for presence?
>
> Tim.

This is known as the heartbeat pattern: sending a small message from a client to a server stating "I'm alive". That way you can have a rather small window (still it's a window, not an exact time) to determine whether someone is logged in or not.

Note that you still need something to determine if heartbeats have stopped coming in. So you need an additional test of whether the time between two heartbeats is too long, and then do a forced logout.

Now you can have a feature that can tell "active users within last X minutes" quite easily.

--
Jani Tiainen
Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE
> You can't stop the user from closing the browser, or switching to another
> tab, with JS. And you shouldn't try to stop them navigating away - this
> sort of thing is only likely to annoy them intensely.

Taking this to the extreme - what do you want to happen if a person using your site has a power cut? Or pulls out their network connection? This will not run any site-close javascript.

We had a designer request similar functionality in a Struts app years ago - it's really annoying and goes wrong often and we vowed never to do it again.

How about looking at RabbitMQ or XMPP for presence?

Tim.
Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE
On Monday, January 31, 2011 3:06:29 PM UTC, Ivan Uemlianin wrote:
>
> Dear Tom
>
> Thanks for your comment.
>
> My use case is a "presence"-type system. When a user logs out their
> status change is sent out to all other logged-in users (using comet).
> If they just close the browser this doesn't happen. I'm mulling over
> two possible solutions:
>
> (a) some bit of javascript that will logout the user if they close the
> browser or navigate away from the site (but I don't know if you can do
> the former with js; and the latter to work properly if they have other
> tabs still on the site). It requires javascript, but it's a fairly
> javascript-heavy site anyway.
>
> (b) something using SESSION_COOKIE_AGE. Set it to a few minutes and
> have something running that will logout any users with expired
> sessions (and delete the session too). Unfortunately the javascript
> GET requests for the comet don't go through django, so they won't keep
> the session alive. Setting SESSION_COOKIE_AGE too low will risk
> logging out against users' wishes, but setting it to much more than a
> few minutes will render this solution useless. This solution doesn't
> feel right at all.
>
> If (a) is possible I think I'll go with that.
>
> Best
>
> Ivan
>

You can't stop the user from closing the browser, or switching to another tab, with JS. And you shouldn't try to stop them navigating away - this sort of thing is only likely to annoy them intensely.

Instead, the best alternative that I've seen proposed is some sort of regular 'ping' - as long as the user has the page open, some Javascript contacts your server every minute or so, to let it know they're still there. Then you know that your 'active' users are those who have pinged in the last minute.

--
DR.
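The heartbeat or 'ping' approach suggested in several replies in these threads only enforces a logout if the server deletes the stored session once the pings stop. The following is an added sketch of that server-side check, not code from any poster or from Django itself; `IdleTimeoutMiddleware`, `LAST_SEEN_KEY`, the 90-second window and the `DictSession` stand-in are assumptions made for this example.

```python
import time
from types import SimpleNamespace

AUTH_KEY = "_auth_user_id"    # session key under which django.contrib.auth stores the user id
LAST_SEEN_KEY = "_last_seen"  # hypothetical key chosen for this example
IDLE_TIMEOUT = 90             # assumed: seconds, i.e. three missed 30-second heartbeats


class IdleTimeoutMiddleware:
    """Django-style middleware. List it after SessionMiddleware and before
    AuthenticationMiddleware so a flushed session is never resolved to a user."""

    def __init__(self, get_response, timeout=IDLE_TIMEOUT, clock=time.time):
        self.get_response = get_response
        self.timeout = timeout
        self.clock = clock

    def __call__(self, request):
        now = self.clock()
        session = request.session
        if AUTH_KEY in session:
            last_seen = session.get(LAST_SEEN_KEY)
            # Fail closed: a logged-in session with no stamp predates this
            # middleware and is treated like one that went quiet.
            if last_seen is None or now - last_seen > self.timeout:
                # Deletes the stored session, so a cookie the browser kept or
                # restored after a restart no longer maps to anything.
                session.flush()
        response = self.get_response(request)
        # Stamp after the view so the login request itself starts the clock.
        # Every request counts as activity, including the JavaScript heartbeat.
        if AUTH_KEY in request.session:
            request.session[LAST_SEEN_KEY] = now
        return response


class DictSession(dict):
    """Constructed stand-in for Django's dict-like session object."""

    def flush(self):
        self.clear()


def replay(events, timeout=IDLE_TIMEOUT, initial=None):
    """Replay constructed (timestamp, action) requests against one session and
    return, per request, whether the view saw a logged-in session."""
    session = DictSession(initial or {})
    clock = {"now": 0}
    seen = []

    def view(request):
        if request.action == "login":
            request.session[AUTH_KEY] = "42"
        seen.append(AUTH_KEY in request.session)
        return None

    middleware = IdleTimeoutMiddleware(view, timeout, clock=lambda: clock["now"])
    for timestamp, action in events:
        clock["now"] = timestamp
        middleware(SimpleNamespace(session=session, action=action))
    return seen


if __name__ == "__main__":
    # Login, two heartbeats, browser closed, cookie restored ten minutes later.
    print(replay([(0, "login"), (30, "ping"), (60, "ping"), (600, "page"), (610, "page")]))
    # A slow connection delays one heartbeat past the window: logged out early.
    print(replay([(0, "login"), (30, "ping"), (125, "ping")]))
```

The second replay shows the trade-off raised in the thread: a window short enough to catch a browser restart also logs out a user whose heartbeat was merely delayed.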
Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE
Dear Tom

Thanks for your comment.

My use case is a "presence"-type system. When a user logs out their status change is sent out to all other logged-in users (using comet). If they just close the browser this doesn't happen. I'm mulling over two possible solutions:

(a) some bit of javascript that will logout the user if they close the browser or navigate away from the site (but I don't know if you can do the former with js; and the latter to work properly if they have other tabs still on the site). It requires javascript, but it's a fairly javascript-heavy site anyway.

(b) something using SESSION_COOKIE_AGE. Set it to a few minutes and have something running that will logout any users with expired sessions (and delete the session too). Unfortunately the javascript GET requests for the comet don't go through django, so they won't keep the session alive. Setting SESSION_COOKIE_AGE too low will risk logging out against users' wishes, but setting it to much more than a few minutes will render this solution useless. This solution doesn't feel right at all.

If (a) is possible I think I'll go with that.

Best

Ivan

On Jan 31, 2:42 pm, Tom Evans <tevans...@googlemail.com> wrote:
> On Mon, Jan 31, 2011 at 2:21 PM, Ivan Uemlianin <i...@llaisdy.com> wrote:
> > Dear All
> >
> > Is the setting SESSION_EXPIRE_AT_BROWSER_CLOSE mis-named? As far as I
> > can tell the setting doesn't influence the session expiry at all
> > (e.g., what happens to the django_session table on the server). What
> > this setting seems to affect is the expiry of the *cookie* in the
> > browser.
> >
> > I'm looking into a way for django to detect users no longer on the
> > site (i.e. authenticated users who rather than logout, have navigated
> > away from the site or closed their browser). From the name, I had
> > thought this setting would be useful. It looks like it'll be useful
> > for the client side, but for the server side it's irrelevant surely?
> > A clearer name would be something like
> > SESSION_COOKIE_EXPIRE_AT_BROWSER_CLOSE.
> >
> > Best wishes
> >
> > Ivan
>
> The result of the session cookie expiring is that the session key
> stored in that cookie is no longer retained by the browser, and
> effectively, the session has expired. Whilst I see your point, it's a
> bit pedantic and unlikely to be changed.
>
> The only way to determine if the user is still active if they do not
> actively log out is to treat them as logged in if they have an 'active
> session'. How you define 'active session' is up to you; I treat any
> unexpired session as active, and set settings.SESSION_COOKIE_AGE to
> something appropriate (2 week long sessions do not appeal to me).
> I can then answer the question "How many distinct sessions are
> currently active" (not "How many distinct users are currently active",
> nor "How many users are currently using the site").
>
> Cheers
>
> Tom
Re: mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE
On Mon, Jan 31, 2011 at 2:21 PM, Ivan Uemlianin <i...@llaisdy.com> wrote:
> Dear All
>
> Is the setting SESSION_EXPIRE_AT_BROWSER_CLOSE mis-named? As far as I
> can tell the setting doesn't influence the session expiry at all
> (e.g., what happens to the django_session table on the server). What
> this setting seems to affect is the expiry of the *cookie* in the
> browser.
>
> I'm looking into a way for django to detect users no longer on the
> site (i.e. authenticated users who rather than logout, have navigated
> away from the site or closed their browser). From the name, I had
> thought this setting would be useful. It looks like it'll be useful
> for the client side, but for the server side it's irrelevant surely?
> A clearer name would be something like
> SESSION_COOKIE_EXPIRE_AT_BROWSER_CLOSE.
>
> Best wishes
>
> Ivan
>

The result of the session cookie expiring is that the session key stored in that cookie is no longer retained by the browser, and effectively, the session has expired. Whilst I see your point, it's a bit pedantic and unlikely to be changed.

The only way to determine if the user is still active if they do not actively log out is to treat them as logged in if they have an 'active session'. How you define 'active session' is up to you; I treat any unexpired session as active, and set settings.SESSION_COOKIE_AGE to something appropriate (2 week long sessions do not appeal to me). I can then answer the question "How many distinct sessions are currently active" (not "How many distinct users are currently active", nor "How many users are currently using the site").

Cheers

Tom
mis-named setting? SESSION_EXPIRE_AT_BROWSER_CLOSE
Dear All

Is the setting SESSION_EXPIRE_AT_BROWSER_CLOSE mis-named? As far as I can tell the setting doesn't influence the session expiry at all (e.g., what happens to the django_session table on the server). What this setting seems to affect is the expiry of the *cookie* in the browser.

I'm looking into a way for django to detect users no longer on the site (i.e. authenticated users who rather than logout, have navigated away from the site or closed their browser). From the name, I had thought this setting would be useful. It looks like it'll be useful for the client side, but for the server side it's irrelevant surely? A clearer name would be something like SESSION_COOKIE_EXPIRE_AT_BROWSER_CLOSE.

Best wishes

Ivan
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE = True, session expiry date wrong when browser closed?
Ok thanks. I'm trying to limit the number of concurrent users using sessions.
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE = True, session expiry date wrong when browser closed?
AFAIK there is a known bug in Firefox preventing it from working correctly. Try (nearly) any other browser.

"Stodge" <sto...@gmail.com> wrote:
>I have SESSION_EXPIRE_AT_BROWSER_CLOSE set to True in my settings.
>When the user visits my custom login page a new session is created for
>them in the database. The expiry time is set to two weeks.
>
>If I then close the browser, the expiry hour/minute are adjusted but
>it's still set to two weeks in the future. Shouldn't the expiry date
>be set to the current date?
>
>If I re-open the browser, login and then close the browser, the
>session expiry time is still set to two weeks. Shouldn't the expiry
>date be set to the current date? The session is expired because I have
>to re-login when I visit the site again.
>
>Thanks
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE = True, session expiry date wrong when browser closed?
On Fri, Dec 10, 2010 at 1:27 PM, Stodge <sto...@gmail.com> wrote:
> I have SESSION_EXPIRE_AT_BROWSER_CLOSE set to True in my settings.
> When the user visits my custom login page a new session is created for
> them in the database. The expiry time is set to two weeks.
>
> If I then close the browser, the expiry hour/minute are adjusted but
> it's still set to two weeks in the future. Shouldn't the expiry date
> be set to the current date?
>
> If I re-open the browser, login and then close the browser, the
> session expiry time is still set to two weeks. Shouldn't the expiry
> date be set to the current date? The session is expired because I have
> to re-login when I visit the site again.
>
> Thanks
>

SESSION_EXPIRE_AT_BROWSER_CLOSE denotes whether the session cookie is set as a session cookie (browser removes the cookie when it closes) or whether it is a permanent cookie (with lifetime equal to the expiry date set in the model).

It does not affect anything to do with stored sessions, so the session expiry date does not change in the DB, your browser just loses the session id when it is closed, and so when it is re-opened it can no longer access the (still valid, and not expired) session.

Cheers

Tom
SESSION_EXPIRE_AT_BROWSER_CLOSE = True, session expiry date wrong when browser closed?
I have SESSION_EXPIRE_AT_BROWSER_CLOSE set to True in my settings. When the user visits my custom login page a new session is created for them in the database. The expiry time is set to two weeks.

If I then close the browser, the expiry hour/minute are adjusted but it's still set to two weeks in the future. Shouldn't the expiry date be set to the current date?

If I re-open the browser, login and then close the browser, the session expiry time is still set to two weeks. Shouldn't the expiry date be set to the current date? The session is expired because I have to re-login when I visit the site again.

Thanks
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE and normal cookie
I thought that None is equal to 'forever'. Thanks.

On 26 Jun, 01:41, humble <eyuw...@gmail.com> wrote:
> You didn't specify max_age in response.set_cookie('myname', data),
> which assumes None by default. Therefore that cookie expires when
> the browser closes.
>
> On Jun 25, 3:58 pm, pr <crico...@gmail.com> wrote:
> > Hello,
> >
> > When I set SESSION_EXPIRE_AT_BROWSER_CLOSE to True, Django
> > automatically removes not only my session cookie (sessionid) but also
> > any other cookies created by using response.set_cookie('myname',
> > data). Why? I want to keep all cookies without session cookie.
> >
> > Thank You.
Re: SESSION_EXPIRE_AT_BROWSER_CLOSE and normal cookie
You didn't specify max_age in response.set_cookie('myname', data), which assumes None by default. Therefore that cookie expires when the browser closes.

On Jun 25, 3:58 pm, pr <crico...@gmail.com> wrote:
> Hello,
>
> When I set SESSION_EXPIRE_AT_BROWSER_CLOSE to True, Django
> automatically removes not only my session cookie (sessionid) but also
> any other cookies created by using response.set_cookie('myname',
> data). Why? I want to keep all cookies without session cookie.
>
> Thank You.
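Both this answer and the earlier explanation of SESSION_EXPIRE_AT_BROWSER_CLOSE come down to the same thing: a cookie sent without `Max-Age` or `Expires` lasts only for the browser session. The following added example (not from any poster or from Django) reads `Set-Cookie` header values and reports which cookies are browser-length and which persist; `cookie_lifetimes` and `persistent_session_cookies` are hypothetical helper names, and the headers and clock value are constructed samples.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie


def cookie_lifetimes(set_cookie_headers, now):
    """Return {cookie name: seconds the browser is asked to keep it}.

    None means a browser-session cookie: no Max-Age and no Expires, which is
    what SESSION_EXPIRE_AT_BROWSER_CLOSE = True and set_cookie() without
    max_age both produce. Max-Age takes precedence over Expires (RFC 6265).
    """
    lifetimes = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if morsel["max-age"] != "":
                lifetimes[name] = int(morsel["max-age"])
            elif morsel["expires"]:
                expires = parsedate_to_datetime(morsel["expires"])
                lifetimes[name] = int((expires - now).total_seconds())
            else:
                lifetimes[name] = None
    return lifetimes


def persistent_session_cookies(set_cookie_headers, now, names=("sessionid",)):
    """Names of session-id cookies that would survive a browser restart."""
    lifetimes = cookie_lifetimes(set_cookie_headers, now)
    return sorted(
        name for name in names
        if lifetimes.get(name) is not None and lifetimes[name] > 0
    )


# Constructed sample data: the clock and the header values are made up.
NOW = datetime(2011, 1, 31, 14, 21, 0, tzinfo=timezone.utc)

# Browser-length session cookie, plus set_cookie('myname', data) without max_age.
BROWSER_LENGTH = [
    "sessionid=abc123; HttpOnly; Path=/",
    "myname=data; Path=/",
]

# Two-week persistent session cookie, plus a cookie carrying only Expires.
PERSISTENT = [
    "sessionid=abc123; expires=Mon, 14 Feb 2011 14:21:00 GMT; HttpOnly; "
    "Max-Age=1209600; Path=/",
    "theme=dark; expires=Mon, 31 Jan 2011 15:21:00 GMT; Path=/",
]

if __name__ == "__main__":
    print(cookie_lifetimes(BROWSER_LENGTH, NOW))
    print(cookie_lifetimes(PERSISTENT, NOW))
    print(persistent_session_cookies(PERSISTENT, NOW))
```

A `None` result only means the browser was asked to forget the cookie at close. As the replies point out, the stored session stays valid until its own expiry date, and a browser set to restore the previous session may keep the cookie anyway.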
SESSION_EXPIRE_AT_BROWSER_CLOSE and normal cookie
Hello,

When I set SESSION_EXPIRE_AT_BROWSER_CLOSE to True, Django automatically removes not only my session cookie (sessionid) but also any other cookies created by using response.set_cookie('myname', data). Why? I want to keep all cookies without session cookie.

Thank You.
Re: remember me on this computer vs SESSION_EXPIRE_AT_BROWSER_CLOSE
You're on the right track. As the docs state, you can then override the site-wide setting:
http://docs.djangoproject.com/en/dev/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions

Steve's comment about requiring a "huge session store" is not really too much of an issue. It's your responsibility to keep the session table clean:
http://docs.djangoproject.com/en/dev/topics/http/sessions/#clearing-the-session-table

On Feb 1, 9:29 am, felix <crucialfe...@gmail.com> wrote:
> I'm trying to implement the standard option "remember me on this computer"
>
> which in practice means expire the session or not at the end of the session
>
> it looks like django's auth uses a sitewide setting
> SESSION_EXPIRE_AT_BROWSER_CLOSE
>
> does anybody know the best way to approach this ? is it the
> SessionMiddleware that should be replaced ?
>
> felix : crucial-systems.com
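The per-session override the reply above points to, as an added example (not code from the thread or from Django itself): `SessionModel` is a simplified stand-in for `request.session` that follows Django's documented `set_expiry()` rules for integer values, so it runs without Django installed. `login`, `cookie_and_store` and the settings values are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Site-wide settings as they would appear in settings.py (assumed values).
SESSION_COOKIE_AGE = 14 * 24 * 3600      # two weeks, Django's default
SESSION_EXPIRE_AT_BROWSER_CLOSE = True


class SessionModel(dict):
    """Stand-in for request.session (integer expiry values only)."""

    def set_expiry(self, value):
        if value is None:
            self.pop("_session_expiry", None)   # fall back to the site-wide policy
        else:
            self["_session_expiry"] = value     # 0 = browser close, N = N seconds

    def get_expire_at_browser_close(self):
        expiry = self.get("_session_expiry")
        if expiry is None:
            return SESSION_EXPIRE_AT_BROWSER_CLOSE
        return expiry == 0

    def get_expiry_age(self):
        # 0 and None carry no explicit age, so the store uses SESSION_COOKIE_AGE.
        return self.get("_session_expiry") or SESSION_COOKIE_AGE


def login(session, remember_me):
    """Hypothetical login step: apply the 'remember me' box to this session only."""
    session.set_expiry(SESSION_COOKIE_AGE if remember_me else 0)


def cookie_and_store(session, now):
    """Return (cookie Max-Age sent to the browser, expiry date kept server-side)."""
    browser_length = session.get_expire_at_browser_close()
    max_age = None if browser_length else session.get_expiry_age()
    stored_expire_date = now + timedelta(seconds=session.get_expiry_age())
    return max_age, stored_expire_date


if __name__ == "__main__":
    now = datetime(2019, 7, 14, tzinfo=timezone.utc)   # constructed timestamp
    for remember in (False, True):
        session = SessionModel()
        login(session, remember)
        print("remember_me =", remember, "->", cookie_and_store(session, now))
```

With `remember_me` off the cookie carries no Max-Age, yet the stored expiry date is still two weeks ahead, so the server-side record stays valid until it expires or the session table is cleared.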
Re: remember me on this computer vs SESSION_EXPIRE_AT_BROWSER_CLOSE
felix wrote:
>
> I'm trying to implement the standard option "remember me on this computer"
>
> which in practice means expire the session or not at the end of the
> session

No it doesn't: you want the session to end when the user logs out, otherwise in a large site you would end up needing a huge session store.

>
> it looks like django's auth uses a sitewide setting
> SESSION_EXPIRE_AT_BROWSER_CLOSE
>
> does anybody know the best way to approach this ? is it the
> SessionMiddleware that should be replaced ?
>

What you need is to send a cookie that you can use to identify the user to the site when they come back to the login page. The view that renders the login page sees the cookie and fills in the correct username, so the user only has to enter the password to log in.

More and more users are using the browser to store usernames and passwords anyway, so the "remember me" option isn't used as much as it used to be.

regards
Steve
remember me on this computer vs SESSION_EXPIRE_AT_BROWSER_CLOSE
I'm trying to implement the standard option "remember me on this computer"

which in practice means expire the session or not at the end of the session

it looks like django's auth uses a sitewide setting SESSION_EXPIRE_AT_BROWSER_CLOSE

does anybody know the best way to approach this ? is it the SessionMiddleware that should be replaced ?

felix : crucial-systems.com