Session Cookie expiration

900 views
Skip to first unread message

Dragan Espenschied

unread,
Sep 17, 2011, 5:12:10 AM9/17/11
to web.py
Hello again

I used this line of code to give the session cookie a 5 year long expiration time:

web.config.session_parameters['timeout'] = (60 * 60 * 24 * 365 * 5)

However, checking in Firefox's cookie manager, I see the cookie will expire with
the current browsing session ... what's wrong?

Dragan

--
http://noobz.cc/
http://digitalfolklore.org/
http://contemporary-home-computing.org/1tb/

FM

unread,
Sep 17, 2011, 12:38:33 PM9/17/11
to we...@googlegroups.com
Nothing is wrong. Session cookies are meant to be expired when the browser is closed. It's not web.py specific, it's the general rule. I think what you're looking for is cookies. By using cookies, you could set expire time to 5 years.

http://webpy.org/cookbook/cookies

Dragan Espenschied

unread,
Sep 20, 2011, 8:03:42 AM9/20/11
to we...@googlegroups.com
Isn't it true that I would store a user's log in state in the session? If the
session then cannot survive the browser being closed, it would mean for any user
to log in each time they visit the web site, which is quite unusual and annoying.

Does it mean i need to get the session id and store it in a cookie, retrieve it
from there and then putting it back into the session? On every access? Even PHP
has better session management than that :)

What use does the session 'timeout' parameter serve then?

Maybe I am getting something wrong here?

Bests,
Dragan

> --
> You received this message because you are subscribed to the Google Groups
> "web.py" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/webpy/-/6M2G_oLDSHYJ.
> To post to this group, send email to we...@googlegroups.com.
> To unsubscribe from this group, send email to webpy+un...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/webpy?hl=en.

Justin Davis

unread,
Sep 20, 2011, 8:30:54 PM9/20/11
to web.py
Hi Dragan,

Good question. The timeout parameter determines when to delete the
session from disk (or database depending on store). So, if I had an
idle browser open for 25 hours, the webpy session engine would delete
that data from disk even though your cookie is still valid.

There isn't (currently) a way to handle the cookie timeout time in
webpy sessions -- it uses web.setcookie without setting an expiration
directly, so the cookie defaults to expiring when the user closes
their browser. It wouldn't be too complicated to add in that behavior
however.

Best,
Justin

Dragan Espenschied

unread,
Sep 21, 2011, 4:42:46 AM9/21/11
to we...@googlegroups.com
Thanks for the clarification, Justin!
I filed an issue and hope it will be changed.
https://github.com/webpy/webpy/issues/99
Bests,
Dragan

--

Dragan Espenschied

unread,
Sep 21, 2011, 4:45:26 AM9/21/11
to we...@googlegroups.com
Duplicate of https://github.com/webpy/webpy/issues/61
...
Reply all
Reply to author
Forward
0 new messages