[Django] #30714: Add a system check against SESSION_EXPIRE_AT_BROWSER_CLOSE and SESSION_COOKIE_AGE both being set

Django

Aug 19, 2019, 6:26:06 PM
to django-...@googlegroups.com
#30714: Add a system check against SESSION_EXPIRE_AT_BROWSER_CLOSE and
SESSION_COOKIE_AGE both being set
-------------------------------------------------+------------------------
Reporter: Adam (Chainz) Johnson | Owner: nobody
Type: New feature | Status: new
Component: contrib.sessions | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-------------------------------------------------+------------------------
The two settings `SESSION_EXPIRE_AT_BROWSER_CLOSE` and
`SESSION_COOKIE_AGE` are mutually exclusive. If a user has set both of
them, they should be warned with a system check.

--
Ticket URL: <https://code.djangoproject.com/ticket/30714>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Aug 20, 2019, 2:51:05 AM
to django-...@googlegroups.com
#30714: Add a system check against SESSION_EXPIRE_AT_BROWSER_CLOSE and
SESSION_COOKIE_AGE both being set
-------------------------------------+-------------------------------------
Reporter: Adam (Chainz) Johnson | Owner: nobody
Type: New feature | Status: closed
Component: contrib.sessions | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

* status: new => closed
* resolution: => wontfix


Comment:

I'm not sure about this.

`SESSION_COOKIE_AGE` defaults to two weeks. (OK, one thinks). I don't
touch that. I simply enable `SESSION_EXPIRE_AT_BROWSER_CLOSE` and all of a
sudden I get a warning?

That seems less than ideal.

Either we need to rationalize these settings somehow. (Maybe
`SESSION_COOKIE_AGE == 0` entailing `SESSION_EXPIRE_AT_BROWSER_CLOSE`?) Or
accept that whilst related they're not strictly interdependent.

Happy to think about it, but a decision is needed first, no? Going to say
`wontfix` plus possible discussion on DevelopersMailingList for that
reason. Happy to reopen later if we can come up with something.

--
Ticket URL: <https://code.djangoproject.com/ticket/30714#comment:1>

Django

Aug 20, 2019, 6:52:42 AM
to django-...@googlegroups.com

Comment (by Adam (Chainz) Johnson):

The check can use `settings.is_overridden` to check that the user has set
it, rather than it being the default coming from the global settings file
:)

I posted this ticket because it happened to me: I found a project that had
both configured and it wasn't clear which was intended by the original
developer.

--
Ticket URL: <https://code.djangoproject.com/ticket/30714#comment:2>

Django

Aug 20, 2019, 7:34:43 AM
to django-...@googlegroups.com

Comment (by Carlton Gibson):

Yeah... still not convinced they're contraries.
`SESSION_EXPIRE_AT_BROWSER_CLOSE` trumps whatever value you have for
`SESSION_COOKIE_AGE`, so if you set, you meant that. I'm not at all
convinced we need a system check here.

--
Ticket URL: <https://code.djangoproject.com/ticket/30714#comment:3>

Django

Aug 20, 2019, 3:10:34 PM
to django-...@googlegroups.com

Comment (by Adam (Chainz) Johnson):

I think the confusion was that the behaviours don't combine. You can't
have a session that is maximum 30 minutes but also disappears if the
browser is closed. The docs could be clearer but I think a check is the
easiest way to prevent such misconfiguration.

--
Ticket URL: <https://code.djangoproject.com/ticket/30714#comment:4>
