[CherryPy] #512: settings 'expires' attribute for Cookies should be optional (diff included)
2 views
Skip to first unread message
CherryPy
Apr 21, 2006, 11:55:26 AM4/21/06
to cherrypy...@googlegroups.com
#512: settings 'expires' attribute for Cookies should be optional (diff included)
---------------------------+------------------------------------------------
Id: 512 | Status: new
Component: CherryPy code | Modified: Fri 21 Apr 2006 10:55:26 AM CDT
Severity: normal | Milestone:
Priority: normal | Version:
Owner: rdelon | Reporter: anonymous
---------------------------+------------------------------------------------
Previous fixes to the cookie's "expires" (and not "max-age") attributes
are not optional.
When the 'expires' flag is present, tested browsers (IE, Firefox) make the
cookie persistent across browser restarts, and depend on that setting for
invalidation. When the 'expires' flag is absent, the browser makes the
cookie memory only, and destroys it when the browser process stops. When
using HTTP based authentication, restarting the browser is often the only
way to login as a different user, and as such, forcing the browser to
destroy the cookie is necessary, otherwise, sessions live on into new
logins.
Attached is a simple diff that allows for this by settings
session_filter.timeout to 0.
---------------------------+------------------------------------------------
Id: 512 | Status: new
Component: CherryPy code | Modified: Fri 21 Apr 2006 10:55:26 AM CDT
Severity: normal | Milestone:
Priority: normal | Version:
Owner: rdelon | Reporter: anonymous
---------------------------+------------------------------------------------
Previous fixes to the cookie's "expires" (and not "max-age") attributes
are not optional.
When the 'expires' flag is present, tested browsers (IE, Firefox) make the
cookie persistent across browser restarts, and depend on that setting for
invalidation. When the 'expires' flag is absent, the browser makes the
cookie memory only, and destroys it when the browser process stops. When
using HTTP based authentication, restarting the browser is often the only
way to login as a different user, and as such, forcing the browser to
destroy the cookie is necessary, otherwise, sessions live on into new
logins.
Attached is a simple diff that allows for this by settings
session_filter.timeout to 0.
--
Ticket URL: <http://www.cherrypy.org/ticket/512>
CherryPy <http://www.cherrypy.org>
CherryPy - a pythonic, object-oriented web development framework
CherryPy
Jun 29, 2006, 7:50:33 PM6/29/06
to cherrypy...@googlegroups.com
#512: settings 'expires' attribute for Cookies should be optional (diff included)
---------------------------+------------------------------------------------
Id: 512 | Status: closed
---------------------------+------------------------------------------------
Component: CherryPy code | Modified: Thu 29 Jun 2006 06:50:33 PM CDT
Severity: normal | Milestone:
Priority: normal | Version:
Owner: rdelon | Reporter: anonymous
---------------------------+------------------------------------------------
Changes (by fumanchu):Priority: normal | Version:
Owner: rdelon | Reporter: anonymous
---------------------------+------------------------------------------------
* resolution: => fixed
* status: new => closed
Comment:
Fixed in [1177].
CherryPy
Dec 9, 2006, 7:13:02 PM12/9/06
to cherrypy...@googlegroups.com
#512: settings 'expires' attribute for Cookies should be optional (diff included)
------------------------------------+---------------------------------------
Reporter: anonymous | Owner: rdelon
Type: defect | Status: closed
Priority: normal | Milestone:
Component: CherryPy code | Resolution: fixed
Keywords: session cookie expires |
------------------------------------+---------------------------------------
Comment (by fumanchu):
2.x fix in [1505].
CherryPy - a pythonic, object-oriented HTTP framework
CherryPy
Jan 23, 2007, 10:01:44 AM1/23/07
to cherrypy...@googlegroups.com
#512: settings 'expires' attribute for Cookies should be optional (diff included)
------------------------------------+---------------------------------------
Reporter: anonymous | Owner: rdelon
Type: defect | Status: reopened
Reporter: anonymous | Owner: rdelon
Priority: normal | Milestone:
Component: CherryPy code | Resolution:
Component: CherryPy code | Resolution:
Keywords: session cookie expires |
------------------------------------+---------------------------------------
Changes (by andy....@qustom.co.uk):
------------------------------------+---------------------------------------
* resolution: fixed =>
* status: closed => reopened
Comment:
After looking at the code for session_timeout it appears that although
session cookies (that is, cookies which expire at the end of the user's
browser session) are available by setting the session_timeout to 0, the
session itself then expires immediately.
I'll attach a patch which adds session_filter.session_cookie as a flag to
set when the cookie should expire at the end of the browser session but
session_filter.session_timeout will still effect how long the session data
is held.
CherryPy - a pythonic, object-oriented HTTP framework
CherryPy
Feb 20, 2007, 6:54:08 AM2/20/07
to cherrypy...@googlegroups.com
#512: settings 'expires' attribute for Cookies should be optional (diff included)
------------------------------------+---------------------------------------
Reporter: anonymous | Owner: rdelon
Type: defect | Status: reopened
Priority: normal | Milestone: 2.2.2
Reporter: anonymous | Owner: rdelon
Type: defect | Status: reopened
Component: CherryPy code | Resolution:
Keywords: session cookie expires |
------------------------------------+---------------------------------------
Changes (by guest):
Keywords: session cookie expires |
------------------------------------+---------------------------------------
* milestone: => 2.2.2
--
Ticket URL: <http://cherrypy.org/ticket/512>
CherryPy <http://www.cherrypy.org>
CherryPy - a pythonic, object-oriented HTTP framework
CherryPy
Sep 10, 2011, 4:18:24 PM9/10/11
to cherrypy...@googlegroups.com
#512: [Patch] settings 'expires' attribute for Cookies should be optional (diff
included)
* summary: settings 'expires' attribute for Cookies should be optional
(diff included) => [Patch] settings 'expires'
included)
------------------------------------+---------------------------------------
Reporter: anonymous | Owner: rdelon
Type: defect | Status: reopened
Priority: normal | Milestone: 2.2.2
Component: CherryPy code | Resolution:
Keywords: session cookie expires |
------------------------------------+---------------------------------------
Changes (by oleg):
Reporter: anonymous | Owner: rdelon
Type: defect | Status: reopened
Priority: normal | Milestone: 2.2.2
Component: CherryPy code | Resolution:
Keywords: session cookie expires |
------------------------------------+---------------------------------------
* summary: settings 'expires' attribute for Cookies should be optional
(diff included) => [Patch] settings 'expires'
attribute for Cookies should be optional (diff
included)
CherryPy - a pythonic, object-oriented HTTP frameworkincluded)
Reply all
Reply to author
Forward
0 new messages