Django - Is the session cookie expiry time updated when session data is modified?

Question

I have a Django application where I want the user session to expire after X days since the user login.

Reading the Django docs I've found that the relevant config option is SESSION_COOKIE_AGE. However https://stackoverflow.com/a/24147980/356729 states that "the expires part of a session cookie is updated each time the session cookie is sent", which is by default every time the session is modified.

Does that mean that, every time the session data is updated, the session cookie expiry date is updated to now + SESSION_COOKIE_AGE?

Answer 1

The answer to my own question is: YES. Here is the relevant code:

if modified or settings.SESSION_SAVE_EVERY_REQUEST:
    if request.session.get_expire_at_browser_close():
        max_age = None
        expires = None
    else:
        max_age = request.session.get_expiry_age()
        expires_time = time.time() + max_age
        expires = cookie_date(expires_time)
    # Save the session data and refresh the client cookie.
    # Skip session save for 500 responses, refs #3881.
    if response.status_code != 500:
        request.session.save()
        response.set_cookie(settings.SESSION_COOKIE_NAME,
                request.session.session_key, max_age=max_age,
                expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
                path=settings.SESSION_COOKIE_PATH,
                secure=settings.SESSION_COOKIE_SECURE or None,
                httponly=settings.SESSION_COOKIE_HTTPONLY or None)